HJT Log


11 replies to this topic

#1 OFFLINE   Jackhole

    Newbie

  • Members
  • 9 posts

Posted 27 June 2007 - 07:13 PM

Apparently my PC has the Google Redirect Virus. So far I've run ad-aware, McAfee FreeScan, eTrust scan, and Norton AV scan. Those last two always crash before finishing a full scan. None of the tools has found a problem.

Thanks in advance for any help you can give.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:46:29 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\spyrus\Spex2Lib\SpyrusTray.exe
C:\Program Files\spyrus\Spex2Lib\rosreg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christian\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 9.8.7.6:8585
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SpyrusTray] C:\Program Files\spyrus\Spex2Lib\SpyrusTray.exe
O4 - HKLM\..\Run: [SpyrusReg] C:\Program Files\spyrus\Spex2Lib\rosreg.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - S-1-5-18 Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmu...vex/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...060/mcfscan.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - file://C:\Documents and Settings\Christian\Desktop\Platform SDK\PLAT_SDK\controls\sdkinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F5A9CD3-48B1-4091-A0DB-BB8B40AF9911}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{3343B40B-E18F-4FC6-90A0-8BD7E80CB77F}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{4061E4E8-F068-417D-AE9A-58B814E3EEAD}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DBFF830-BBCB-467E-BE02-6E388A406DB4}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F886B19-419B-4B05-94BB-61D9958A7A57}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8D82237-D1FA-4490-89F4-A1133EBBDFB5}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mis.gtech.com,gtk.gtech.com,gtech.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mis.gtech.com,gtk.gtech.com,gtech.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Trusted Remote Log Receive Files (RemoteLogReceiveFiles) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Trusted Remote Log Send Archive (RemoteLogSendArchive) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Trusted Remote Log Audit (RemoteLogSendAudit) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Trusted Remote Log Send Graphics (RemoteLogSendGraphics) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Trusted Play Bets Extract (TrustedBetsExtract) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedBetsExtract.exe
O23 - Service: Trusted Play Extract (TrustedExtract) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedExtract.exe
O23 - Service: Trusted Play Maintenance (TrustedMaintenance) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedMaintenance.exe
O23 - Service: Trusted Play (TrustedPlay) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedPlay.exe
O23 - Service: Trusted Proxy (TrustedProxy) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedProxy.exe
O23 - Service: Trusted Play Winner Selection (TrustedWinsel) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedWinsel.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 16503 bytes

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 28 June 2007 - 12:21 AM

Welcome to the forum. :)

Open HijackThis and run a system scan. Then check off the following entries:

O17 - HKLM\System\CCS\Services\Tcpip\..\{2F5A9CD3-48B1-4091-A0DB-BB8B40AF9911}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{3343B40B-E18F-4FC6-90A0-8BD7E80CB77F}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{4061E4E8-F068-417D-AE9A-58B814E3EEAD}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DBFF830-BBCB-467E-BE02-6E388A406DB4}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F886B19-419B-4B05-94BB-61D9958A7A57}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8D82237-D1FA-4490-89F4-A1133EBBDFB5}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mis.gtech.com,gtk.gtech.com,gtech.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mis.gtech.com,gtk.gtech.com,gtech.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76

Then press "fix checked" and exit HijackThis.

---------------
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) back into this thread.
Post a HijackThis log as well.
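
The O17 entries listed in the reply above can be pulled out of a pasted log mechanically. The following is an added example, not part of the original thread and not code from HijackThis: it parses O17 lines and reports every NameServer address that falls outside an allow-list of expected resolvers, together with the registry keys that carry it. The function names, the allow-list `192.0.2.0/24` and the last sample line are assumptions made for the example; the other sample lines are copied from the log in post #1.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prints O17 entries as: "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")

# Sample input. The first four lines are copied from the log in this thread;
# the last line is constructed to show an entry that passes the check.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F5A9CD3-48B1-4091-A0DB-BB8B40AF9911}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{3343B40B-E18F-4FC6-90A0-8BD7E80CB77F}: NameServer = 85.255.113.206,85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mis.gtech.com,gtk.gtech.com,gtech.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
"""


def parse_o17(log_text):
    """Return one dict per O17 line: registry key, value name, list of values."""
    entries = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue  # not an O17 line (other sections, blank lines)
        # The log separates multiple values with commas or with spaces.
        values = [v for v in re.split(r"[,\s]+", match["data"].strip()) if v]
        entries.append(
            {"key": match["key"], "name": match["name"], "values": values}
        )
    return entries


def unexpected_resolvers(entries, allowed_networks):
    """Map each NameServer value outside allowed_networks to the keys using it.

    allowed_networks is the analyst's own list of resolvers that belong on
    this machine (ISP, corporate DNS, home router), given as CIDR strings.
    Values that do not parse as an IP address are reported as well.
    """
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = defaultdict(list)
    for entry in entries:
        if entry["name"] != "NameServer":
            continue
        for value in entry["values"]:
            try:
                address = ipaddress.ip_address(value)
            except ValueError:
                findings[value].append(entry["key"])
                continue
            if not any(address in network for network in networks):
                findings[value].append(entry["key"])
    return dict(findings)


if __name__ == "__main__":
    # Constructed allow-list: the documentation range stands in for the
    # resolvers the machine is supposed to use.
    parsed = parse_o17(SAMPLE_LOG)
    for resolver, keys in unexpected_resolvers(parsed, ["192.0.2.0/24"]).items():
        print(f"{resolver} set on {len(keys)} key(s):")
        for key in keys:
            print(f"    {key}")
```

The same resolver pair turning up as a static NameServer on every interface key and on the global Parameters key is the pattern visible in the posted log.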

#3 OFFLINE   Jackhole

    Newbie

  • Members
  • 9 posts

Posted 28 June 2007 - 10:36 AM

Fixwareout Last edited 6/27/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdgfu.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2F5A9CD3-48B1-4091-A0DB-BB8B40AF9911}
"DhcpNameServer"="85.255.113.206,85.255.112.76" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4DBFF830-BBCB-467E-BE02-6E388A406DB4}
"DhcpNameServer"="85.255.113.206,85.255.112.76" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4F886B19-419B-4B05-94BB-61D9958A7A57}
"DhcpNameServer"="85.255.113.206,85.255.112.76" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DDF7E513-2118-4416-99CF-FDAF7E58C5E2}
"DhcpNameServer"="85.255.113.206,85.255.112.76" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E8D82237-D1FA-4490-89F4-A1133EBBDFB5}
"DhcpNameServer"="85.255.113.206,85.255.112.76" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kdgfu.ren 66611 08/04/2004
»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"TPKMAPHELPER"="C:\\Program Files\\ThinkPad\\Utilities\\TpKmapAp.exe -helper"
"TpShocks"="TpShocks.exe"
"TPHOTKEY"="C:\\PROGRA~1\\ThinkPad\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"TP4EX"="tp4ex.exe"
"EZEJMNAP"="C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\EzEjMnAp.Exe"
"UC_Start"="C:\\Program Files\\IBM\\Updater\\\\ucstartup.exe"
"UC_SMB"=""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"MXOBG"="C:\\WINDOWS\\MXOALDR.EXE"
"BMMLREF"="C:\\Program Files\\ThinkPad\\Utilities\\BMMLREF.EXE"
"BMMMONWND"="rundll32.exe C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatInfEx.dll,BMMAutonomicMonitor"
"BLOG"="rundll32.exe C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"TPKBDLED"="C:\\WINDOWS\\system32\\TpScrLk.exe"
"SpyrusTray"="C:\\Program Files\\spyrus\\Spex2Lib\\SpyrusTray.exe"
"SpyrusReg"="C:\\Program Files\\spyrus\\Spex2Lib\\rosreg.exe"
"BMMGAG"="RunDll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\pwrmonit.dll,StartPwrMonitor"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"ACTray"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\ACTray.exe"
"ACWLIcon"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\ACWLIcon.exe"
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"PrintServer Diagnostic"="C:\\Program Files\\Print Server\\PTP\\PSDiagnostic.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

#4 OFFLINE   Jackhole

    Newbie

  • Members
  • 9 posts

Posted 28 June 2007 - 10:37 AM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:33:27 AM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\spyrus\Spex2Lib\SpyrusTray.exe
C:\Program Files\spyrus\Spex2Lib\rosreg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christian\Desktop\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 9.8.7.6:8585
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SpyrusTray] C:\Program Files\spyrus\Spex2Lib\SpyrusTray.exe
O4 - HKLM\..\Run: [SpyrusReg] C:\Program Files\spyrus\Spex2Lib\rosreg.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmu...vex/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...060/mcfscan.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - file://C:\Documents and Settings\Christian\Desktop\Platform SDK\PLAT_SDK\controls\sdkinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Trusted Remote Log Receive Files (RemoteLogReceiveFiles) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Trusted Remote Log Send Archive (RemoteLogSendArchive) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Trusted Remote Log Audit (RemoteLogSendAudit) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Trusted Remote Log Send Graphics (RemoteLogSendGraphics) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Trusted Play Bets Extract (TrustedBetsExtract) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedBetsExtract.exe
O23 - Service: Trusted Play Extract (TrustedExtract) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedExtract.exe
O23 - Service: Trusted Play Maintenance (TrustedMaintenance) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedMaintenance.exe
O23 - Service: Trusted Play (TrustedPlay) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedPlay.exe
O23 - Service: Trusted Proxy (TrustedProxy) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedProxy.exe
O23 - Service: Trusted Play Winner Selection (TrustedWinsel) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedWinsel.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12487 bytes

#5 OFFLINE   Jackhole

    Newbie

  • Members
  • 9 posts

Posted 28 June 2007 - 10:57 AM

Thanks again for the help. Yesterday I attempted to follow your "Spyware Removal Guide", but both BitDefender and AVG Anti-spyware crashed before completing a full scan. Together with eTrust and Norton AV, that's four virus scanners that crash before completing. In all four cases, the UI window remained on the screen, updating the time until I acknowledged the exception message box. Could this be a virus, or is it more likely some common component that is failing? AVG Anti-spyware generates error logs and dump files; I'll probably contact them about it.

#6 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 29 June 2007 - 03:59 AM

I don't see an antivirus on this computer. Do you have one installed?
If you do not have an antivirus program, then please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.
  • Please remember to register for your Activation Code using a legitimate email address.
  • Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:

  • Then please update the program and run a scan on "My Computer". Allow it to neutralize all that it finds.
  • When done, launch Active Virus Shield's main window.

  • Click the "Scan" button on the left, and then click "Detected".

  • In the next window, click the "Save As" button to save a copy of the log.
  • Copy and paste that log in your next reply.
Post the AOL AVS log and a new HijackThis log.

#7 OFFLINE   Jackhole

    Newbie

  • Members
  • 9 posts

Posted 30 June 2007 - 02:13 PM

Protection
----------
Total scanned: 1308480
Detected: 36
Untreated: 0
Start time: 6/29/2007 8:16:38 PM
Duration: 13:56:16


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.DNSChanger.iu File: C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP560\A0055283.exe
disinfected: virus Email-Worm.Win32.Magistr.a Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Brian\[From:Brian][Subject:Message is infected : among us-deep, rich chocolate ][Time:2001/07/05 19:34:32]\imagemap.exe
deleted: virus Email-Worm.Win32.Bagle.at Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Andrei.leo][Subject:Message is infected : Re: Hi][Time:2004/10/31 16:22:06]\price.cpl
deleted: virus Email-Worm.Win32.Bagle.bq Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Colsen][Subject:Message is infected : The picture is sent on SMS][Time:2005/06/26 18:46:07]\In_park.zip\f22-013.exe
deleted: virus Worm.Win32.Feebs.gen Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:id34834@aol.com][Subject:Message is infected : Encrypted Message][Time:2006/01/25 13:57:45]\message.zip
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:Mike Morrison][Subject:Message is infected : Here, damn it][Time:1999/02/12 18:22:39]\OSMSdbSpec_v12.doc
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Joni\[From:Chris Olsen][Subject:Message is infected : Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Joni\[From:Chris Olsen][Subject:Message is infected : ][Time:1999/09/21 01:11:26]\joni.doc
deleted: Trojan program Trojan.Win32.CokeGift Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Microsoft\[From:Brian D. Field][Subject:Message is infected : Fw: Microsoft offers users free cup holder (fwd)][Time:1998/07/29 15:09:35]\cupholde.exe
deleted: virus Email-Worm.Win32.Tanatos.a Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Microsoft\[From:postmaster@microsoft.com][Subject:Delivery Status Notification (Failure)][Time:2002/10/03 09:31:48]\ cruz iz a lesbian, check it out inside!!!! (57.1 KB)\Anderson,Joni.ClubResignation.doc.scr/UPX
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:Message is infected : FW: GET HER!][Time:1999/03/18 20:01:59]\GEther.doc
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:Message is infected : RE: Transactive Y2K][Time:1999/08/27 10:14:52]\CBICY2K.doc
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:Message is infected : Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:Message is infected : ][Time:1999/09/21 01:11:26]\joni.doc
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Christian Olsen\Local Folders\Inbox\[From:"Mike Morrison" <mike@simpleminded.com>][Subject:Message is infected : Here, damn it][Time:1999/02/12 17:22:39]\OSMSdbSpec_v12.doc
deleted: virus Email-Worm.Win32.Klez.h Mail attachment: Christian Olsen\Local Folders\Inbox\[From:"levinepj" <levinepj@worldnet.att.net>][Subject:Message is infected : Worm Klez.E immunity][Time:2002/07/08 08:37:20]\p34-43 Co-Dependency.scr
deleted: Trojan program Trojan-Spy.HTML.Paylap.ev Mail body: Christian Olsen\Local Folders\Inbox\[From:"PayPal" <billing@paypal.com>][Subject:Message is infected : New Security Requirements][Time:2005/06/24 21:14:45]\text/html
deleted: virus Email-Worm.Win32.Bagle.at Mail attachment: Christian Olsen\Local Folders\Inbox\[From:"Andrei.leo" <andrei.leo@gtech.com>][Subject:Message is infected : Re: Hi][Time:2004/10/31 16:22:40]\price.cpl
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:Message is infected : FW: GET HER!][Time:1999/03/18 20:01:59]\GEther.doc
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:Message is infected : RE: Transactive Y2K][Time:1999/08/27 10:14:52]\CBICY2K.doc
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:Message is infected : Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:Message is infected : ][Time:1999/09/21 01:11:26]\joni.doc
disinfected: virus Email-Worm.Win32.Bagle.bq Mail attachment: Christian Olsen\Local Folders\Deleted Items\[From:"Colsen" <colsen@vascularsolutions.com>][Subject:Message is infected : The picture is sent on SMS][Time:2005/06/26 18:47:10]\In_park.zip
disinfected: virus Email-Worm.Win32.Bagle.bq Mail attachment: Christian Olsen\Local Folders\Deleted Items\[From:"Colsen" <colsen@vascularsolutions.com>][Subject:The picture is sent on SMS][Time:2005/06/26 18:47:10]\In_park.zip\f22-013.exe
deleted: virus Worm.Win32.Feebs.gen Mail attachment: Christian Olsen\Local Folders\Deleted Items\[From:<id34834@aol.com>][Subject:Message is infected : Encrypted Message][Time:2006/01/25 12:56:17]\message.zip
deleted: Trojan program Trojan-Spy.HTML.Bankfraud.ri Mail attachment: Christian Olsen\Local Folders\Deleted Items\[From:"BB&T" <refnumber_5317014048ib@bbt.com>][Subject:Message is infected : [Virus-Removed] confirm your account details [Mon, 02 Apr 2007 21:21:24 -0800]][Time:2007/04/03 00:26:07]\dennis.gif
disinfected: virus Email-Worm.Win32.Magistr.a Mail attachment: Christian Olsen\Local Folders\Brian\[From:"Brian" <bfield@velosoft.com>][Subject:Message is infected : among us-deep, rich chocolate ][Time:2001/07/05 19:34:32]\imagemap.exe
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Christian Olsen\Local Folders\Joni\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:Message is infected : Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC
disinfected: virus Virus.MSWord.Class.fm Mail attachment: Christian Olsen\Local Folders\Joni\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:Message is infected : ][Time:1999/09/21 01:11:26]\joni.doc
deleted: Trojan program Trojan.Win32.CokeGift Mail attachment: Christian Olsen\Local Folders\Microsoft\[From:"Brian D. Field" <bfield@velosoft.com>][Subject:Message is infected : Fw: Microsoft offers users free cup holder (fwd)][Time:1998/07/29 15:09:35]\cupholde.exe
deleted: virus Email-Worm.Win32.Tanatos.a Mail attachment: Christian Olsen\Local Folders\Microsoft\[From:<postmaster@microsoft.com>][Subject:Delivery Status Notification (Failure)][Time:2002/10/03 09:32:01]\message/rfc822\Anderson,Joni.ClubResignation.doc.scr/UPX
deleted: Trojan program Trojan.Win32.DNSChanger.jb File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45C66D91.EXE/CryptFF/stream/Script
deleted: Trojan program Trojan-Clicker.HTML.Agent.a Mail message: C:\Documents and Settings\Christian\Local Settings\Temp\Temporary Internet Files\Content.IE5\8HINWT6B\popup[1].htm
deleted: Trojan program Trojan.Win32.DNSChanger.jb Mail message: C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP563\A0055426.EXE/CryptFF
deleted: Trojan program Trojan.Win32.DNSChanger.jb File: C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP563\A0055426.EXE/CryptFF/stream/Script
deleted: Trojan program Trojan.Win32.DNSChanger.iu Mail message: C:\WINDOWS\Temp\kdgfu.ren


Events
------
Time Event
---- -----
6/29/2007 2:41:41 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/29/2007 8:07:02 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/29/2007 8:07:39 PM Process (PID 1484) tried to access Active Virus Shield process (PID 1176), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/29/2007 8:08:55 PM Please restart your computer to complete the installation of new or updated protection components.
6/29/2007 8:09:18 PM Update completed successfully.
6/29/2007 8:11:20 PM Process (PID 1152) tried to access Active Virus Shield process (PID 1176), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/29/2007 8:11:20 PM Process (PID 1152) tried to access Active Virus Shield process (PID 2976), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/29/2007 8:16:30 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
6/29/2007 8:17:09 PM Process (PID 1488) tried to access Active Virus Shield process (PID 1152), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/29/2007 9:25:26 PM Process (PID 1112) tried to access Active Virus Shield process (PID 1152), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/29/2007 9:25:26 PM Process (PID 1112) tried to access Active Virus Shield process (PID 3476), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
6/29/2007 10:08:46 PM File C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP560\A0055283.exe: detected Trojan program Trojan.Win32.DNSChanger.iu
6/29/2007 10:08:47 PM Security threats have been detected. You are advised to neutralize them immediately.
6/29/2007 10:08:47 PM File C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP560\A0055283.exe: is not disinfected, postponed
6/29/2007 10:12:43 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Brian\[From:Brian][Subject:among us-deep, rich chocolate ][Time:2001/07/05 19:34:32]\imagemap.exe: detected virus Email-Worm.Win32.Magistr.a
6/29/2007 10:12:43 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Brian\[From:Brian][Subject:among us-deep, rich chocolate ][Time:2001/07/05 19:34:32]\imagemap.exe: is not disinfected, postponed
6/29/2007 10:18:19 PM Update completed successfully.
6/29/2007 10:19:28 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Andrei.leo][Subject:Re: Hi][Time:2004/10/31 16:22:06]\price.cpl: detected virus Email-Worm.Win32.Bagle.at
6/29/2007 10:19:28 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Andrei.leo][Subject:Re: Hi][Time:2004/10/31 16:22:06]\price.cpl: is not disinfected, postponed
6/29/2007 10:19:36 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Colsen][Subject:The picture is sent on SMS][Time:2005/06/26 18:46:07]\In_park.zip\f22-013.exe: detected virus Email-Worm.Win32.Bagle.bq
6/29/2007 10:19:36 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Colsen][Subject:The picture is sent on SMS][Time:2005/06/26 18:46:07]\In_park.zip\f22-013.exe: is not disinfected, postponed
6/29/2007 10:19:54 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:id34834@aol.com][Subject:Encrypted Message][Time:2006/01/25 13:57:45]\message.zip: detected virus Worm.Win32.Feebs.gen
6/29/2007 10:19:54 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:id34834@aol.com][Subject:Encrypted Message][Time:2006/01/25 13:57:45]\message.zip: is not disinfected, postponed
6/29/2007 10:23:00 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:Mike Morrison][Subject:Here, damn it][Time:1999/02/12 18:22:39]\OSMSdbSpec_v12.doc: detected virus Virus.MSWord.Class.fm
6/29/2007 10:23:00 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:Mike Morrison][Subject:Here, damn it][Time:1999/02/12 18:22:39]\OSMSdbSpec_v12.doc: is not disinfected, postponed
6/29/2007 10:47:43 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Joni\[From:Chris Olsen][Subject:Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC: detected virus Virus.MSWord.Class.fm
6/29/2007 10:47:43 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Joni\[From:Chris Olsen][Subject:Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC: is not disinfected, postponed
6/29/2007 10:48:01 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Joni\[From:Chris Olsen][Subject:][Time:1999/09/21 01:11:26]\joni.doc: detected virus Virus.MSWord.Class.fm
6/29/2007 10:48:01 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Joni\[From:Chris Olsen][Subject:][Time:1999/09/21 01:11:26]\joni.doc: is not disinfected, postponed
6/29/2007 10:50:49 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Microsoft\[From:Brian D. Field][Subject:Fw: Microsoft offers users free cup holder (fwd)][Time:1998/07/29 15:09:35]\cupholde.exe: detected Trojan program Trojan.Win32.CokeGift
6/29/2007 10:50:49 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Microsoft\[From:Brian D. Field][Subject:Fw: Microsoft offers users free cup holder (fwd)][Time:1998/07/29 15:09:35]\cupholde.exe: is not disinfected, postponed
6/29/2007 10:50:55 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Microsoft\[From:postmaster@microsoft.com][Subject:Delivery Status Notification (Failure)][Time:2002/10/03 09:31:48]\ cruz iz a lesbian, check it out inside!!!! (57.1 KB)\Anderson,Joni.ClubResignation.doc.scr/UPX: detected virus Email-Worm.Win32.Tanatos.a
6/29/2007 10:50:55 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Microsoft\[From:postmaster@microsoft.com][Subject:Delivery Status Notification (Failure)][Time:2002/10/03 09:31:48]\ cruz iz a lesbian, check it out inside!!!! (57.1 KB)\Anderson,Joni.ClubResignation.doc.scr/UPX: is not disinfected, postponed
6/29/2007 10:54:06 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:FW: GET HER!][Time:1999/03/18 20:01:59]\GEther.doc: detected virus Virus.MSWord.Class.fm
6/29/2007 10:54:06 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:FW: GET HER!][Time:1999/03/18 20:01:59]\GEther.doc: is not disinfected, postponed
6/29/2007 10:54:29 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:RE: Transactive Y2K][Time:1999/08/27 10:14:52]\CBICY2K.doc: detected virus Virus.MSWord.Class.fm
6/29/2007 10:54:29 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:RE: Transactive Y2K][Time:1999/08/27 10:14:52]\CBICY2K.doc: is not disinfected, postponed
6/29/2007 10:54:30 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC: detected virus Virus.MSWord.Class.fm
6/29/2007 10:54:30 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC: is not disinfected, postponed
6/29/2007 10:54:30 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:][Time:1999/09/21 01:11:26]\joni.doc: detected virus Virus.MSWord.Class.fm
6/29/2007 10:54:30 PM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Sent Items\[From:Chris Olsen][Subject:][Time:1999/09/21 01:11:26]\joni.doc: is not disinfected, postponed
6/29/2007 10:58:36 PM Mail attachment Christian Olsen\Local Folders\Inbox\[From:"Mike Morrison" <mike@simpleminded.com>][Subject:Here, damn it][Time:1999/02/12 17:22:39]\OSMSdbSpec_v12.doc: detected virus Virus.MSWord.Class.fm
6/29/2007 10:58:36 PM Mail attachment Christian Olsen\Local Folders\Inbox\[From:"Mike Morrison" <mike@simpleminded.com>][Subject:Here, damn it][Time:1999/02/12 17:22:39]\OSMSdbSpec_v12.doc: is not disinfected, postponed
6/29/2007 11:01:54 PM Mail attachment Christian Olsen\Local Folders\Inbox\[From:"levinepj" <levinepj@worldnet.att.net>][Subject:Worm Klez.E immunity][Time:2002/07/08 08:37:20]\p34-43 Co-Dependency.scr: detected virus Email-Worm.Win32.Klez.h
6/29/2007 11:01:54 PM Mail attachment Christian Olsen\Local Folders\Inbox\[From:"levinepj" <levinepj@worldnet.att.net>][Subject:Worm Klez.E immunity][Time:2002/07/08 08:37:20]\p34-43 Co-Dependency.scr: is not disinfected, postponed
6/29/2007 11:07:08 PM Mail body Christian Olsen\Local Folders\Inbox\[From:"PayPal" <billing@paypal.com>][Subject:New Security Requirements][Time:2005/06/24 21:14:45]\text/html: detected Trojan program Trojan-Spy.HTML.Paylap.ev
6/29/2007 11:07:08 PM Mail body Christian Olsen\Local Folders\Inbox\[From:"PayPal" <billing@paypal.com>][Subject:New Security Requirements][Time:2005/06/24 21:14:45]\text/html: is not disinfected, postponed
6/29/2007 11:09:22 PM Mail attachment Christian Olsen\Local Folders\Inbox\[From:"Andrei.leo" <andrei.leo@gtech.com>][Subject:Re: Hi][Time:2004/10/31 16:22:40]\price.cpl: detected virus Email-Worm.Win32.Bagle.at
6/29/2007 11:09:22 PM Mail attachment Christian Olsen\Local Folders\Inbox\[From:"Andrei.leo" <andrei.leo@gtech.com>][Subject:Re: Hi][Time:2004/10/31 16:22:40]\price.cpl: is not disinfected, postponed
6/29/2007 11:12:59 PM Mail attachment Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:FW: GET HER!][Time:1999/03/18 20:01:59]\GEther.doc: detected virus Virus.MSWord.Class.fm
6/29/2007 11:12:59 PM Mail attachment Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:FW: GET HER!][Time:1999/03/18 20:01:59]\GEther.doc: is not disinfected, postponed
6/29/2007 11:13:06 PM Mail attachment Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:RE: Transactive Y2K][Time:1999/08/27 10:14:52]\CBICY2K.doc: detected virus Virus.MSWord.Class.fm
6/29/2007 11:13:06 PM Mail attachment Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:RE: Transactive Y2K][Time:1999/08/27 10:14:52]\CBICY2K.doc: is not disinfected, postponed
6/29/2007 11:13:07 PM Mail attachment Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC: detected virus Virus.MSWord.Class.fm
6/29/2007 11:13:07 PM Mail attachment Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC: is not disinfected, postponed
6/29/2007 11:13:07 PM Mail attachment Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:][Time:1999/09/21 01:11:26]\joni.doc: detected virus Virus.MSWord.Class.fm
6/29/2007 11:13:07 PM Mail attachment Christian Olsen\Local Folders\Sent Items\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:][Time:1999/09/21 01:11:26]\joni.doc: is not disinfected, postponed
6/29/2007 11:24:40 PM Mail attachment Christian Olsen\Local Folders\Deleted Items\[From:"Colsen" <colsen@vascularsolutions.com>][Subject:The picture is sent on SMS][Time:2005/06/26 18:47:10]\In_park.zip\f22-013.exe: detected virus Email-Worm.Win32.Bagle.bq
6/29/2007 11:24:40 PM Mail attachment Christian Olsen\Local Folders\Deleted Items\[From:"Colsen" <colsen@vascularsolutions.com>][Subject:The picture is sent on SMS][Time:2005/06/26 18:47:10]\In_park.zip\f22-013.exe: is not disinfected, postponed
6/29/2007 11:25:04 PM Mail attachment Christian Olsen\Local Folders\Deleted Items\[From:<id34834@aol.com>][Subject:Encrypted Message][Time:2006/01/25 12:56:17]\message.zip: detected virus Worm.Win32.Feebs.gen
6/29/2007 11:25:04 PM Mail attachment Christian Olsen\Local Folders\Deleted Items\[From:<id34834@aol.com>][Subject:Encrypted Message][Time:2006/01/25 12:56:17]\message.zip: is not disinfected, postponed
6/29/2007 11:25:29 PM Mail attachment Christian Olsen\Local Folders\Deleted Items\[From:"BB&T" <refnumber_5317014048ib@bbt.com>][Subject:[Virus-Removed] confirm your account details [Mon, 02 Apr 2007 21:21:24 -0800]][Time:2007/04/03 00:26:07]\dennis.gif: detected Trojan program Trojan-Spy.HTML.Bankfraud.ri
6/29/2007 11:25:29 PM Mail attachment Christian Olsen\Local Folders\Deleted Items\[From:"BB&T" <refnumber_5317014048ib@bbt.com>][Subject:[Virus-Removed] confirm your account details [Mon, 02 Apr 2007 21:21:24 -0800]][Time:2007/04/03 00:26:07]\dennis.gif: is not disinfected, postponed
6/29/2007 11:27:02 PM Mail attachment Christian Olsen\Local Folders\Brian\[From:"Brian" <bfield@velosoft.com>][Subject:among us-deep, rich chocolate ][Time:2001/07/05 19:34:32]\imagemap.exe: detected virus Email-Worm.Win32.Magistr.a
6/29/2007 11:27:02 PM Mail attachment Christian Olsen\Local Folders\Brian\[From:"Brian" <bfield@velosoft.com>][Subject:among us-deep, rich chocolate ][Time:2001/07/05 19:34:32]\imagemap.exe: is not disinfected, postponed
6/29/2007 11:31:07 PM Mail attachment Christian Olsen\Local Folders\Joni\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC: detected virus Virus.MSWord.Class.fm
6/29/2007 11:31:07 PM Mail attachment Christian Olsen\Local Folders\Joni\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:Thoughts][Time:1999/09/08 13:48:49]\THOUGHTS.DOC: is not disinfected, postponed
6/29/2007 11:31:07 PM Mail attachment Christian Olsen\Local Folders\Joni\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:][Time:1999/09/21 01:11:26]\joni.doc: detected virus Virus.MSWord.Class.fm
6/29/2007 11:31:07 PM Mail attachment Christian Olsen\Local Folders\Joni\[From:"Chris Olsen" <colsen@velosoft.com>][Subject:][Time:1999/09/21 01:11:26]\joni.doc: is not disinfected, postponed
6/29/2007 11:32:46 PM Mail attachment Christian Olsen\Local Folders\Microsoft\[From:"Brian D. Field" <bfield@velosoft.com>][Subject:Fw: Microsoft offers users free cup holder (fwd)][Time:1998/07/29 15:09:35]\cupholde.exe: detected Trojan program Trojan.Win32.CokeGift
6/29/2007 11:32:46 PM Mail attachment Christian Olsen\Local Folders\Microsoft\[From:"Brian D. Field" <bfield@velosoft.com>][Subject:Fw: Microsoft offers users free cup holder (fwd)][Time:1998/07/29 15:09:35]\cupholde.exe: is not disinfected, postponed
6/29/2007 11:32:49 PM Mail attachment Christian Olsen\Local Folders\Microsoft\[From:<postmaster@microsoft.com>][Subject:Delivery Status Notification (Failure)][Time:2002/10/03 09:32:01]\message/rfc822\Anderson,Joni.ClubResignation.doc.scr/UPX: detected virus Email-Worm.Win32.Tanatos.a
6/29/2007 11:32:49 PM Mail attachment Christian Olsen\Local Folders\Microsoft\[From:<postmaster@microsoft.com>][Subject:Delivery Status Notification (Failure)][Time:2002/10/03 09:32:01]\message/rfc822\Anderson,Joni.ClubResignation.doc.scr/UPX: is not disinfected, postponed
6/29/2007 11:50:50 PM File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45C66D91.EXE/CryptFF/stream/Script: detected Trojan program Trojan.Win32.DNSChanger.jb
6/29/2007 11:50:51 PM File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45C66D91.EXE/CryptFF/stream/Script: is not disinfected, postponed
6/30/2007 12:19:09 AM Update completed successfully.
6/30/2007 12:34:37 AM File C:\Documents and Settings\Christian\Local Settings\Temp\Temporary Internet Files\Content.IE5\8HINWT6B\popup[1].htm: detected Trojan program Trojan-Clicker.HTML.Agent.a
6/30/2007 12:34:37 AM File C:\Documents and Settings\Christian\Local Settings\Temp\Temporary Internet Files\Content.IE5\8HINWT6B\popup[1].htm: is not disinfected, postponed
6/30/2007 2:20:41 AM Update completed successfully.
6/30/2007 4:08:03 AM File C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP560\A0055283.exe: detected Trojan program Trojan.Win32.DNSChanger.iu
6/30/2007 4:08:03 AM File C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP560\A0055283.exe: is not disinfected, postponed
6/30/2007 4:09:26 AM File C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP563\A0055426.EXE/CryptFF/stream/Script: detected Trojan program Trojan.Win32.DNSChanger.jb
6/30/2007 4:09:26 AM File C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP563\A0055426.EXE/CryptFF/stream/Script: is not disinfected, postponed
6/30/2007 4:24:24 AM Update completed successfully.
6/30/2007 4:45:42 AM File C:\WINDOWS\Temp\kdgfu.ren: detected Trojan program Trojan.Win32.DNSChanger.iu
6/30/2007 4:45:42 AM File C:\WINDOWS\Temp\kdgfu.ren: is not disinfected, postponed
6/30/2007 4:47:49 AM File c:\system volume information\_restore{5d527826-05bd-4a83-8416-28acdda14001}\rp560\a0055283.exe: detected Trojan program Trojan.Win32.DNSChanger.iu
6/30/2007 6:32:40 AM Update completed successfully.
6/30/2007 8:25:23 AM File c:\system volume information\_restore{5d527826-05bd-4a83-8416-28acdda14001}\rp560\a0055283.exe: deleted
6/30/2007 8:25:26 AM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Brian\[From:Brian][Subject:Message is infected : among us-deep, rich chocolate ][Time:2001/07/05 19:34:32]\imagemap.exe: detected virus Email-Worm.Win32.Magistr.a
6/30/2007 8:25:35 AM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Brian\[From:Brian][Subject:Message is infected : among us-deep, rich chocolate ][Time:2001/07/05 19:34:32]\imagemap.exe: disinfected
6/30/2007 8:25:35 AM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Brian\[From:Brian][Subject:Message is infected : among us-deep, rich chocolate ][Time:2001/07/05 19:34:32]\imagemap.exe: disinfected
6/30/2007 8:25:37 AM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Andrei.leo][Subject:Message is infected : Re: Hi][Time:2004/10/31 16:22:06]\price.cpl: detected virus Email-Worm.Win32.Bagle.at
6/30/2007 8:25:44 AM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Andrei.leo][Subject:Message is infected : Re: Hi][Time:2004/10/31 16:22:06]\price.cpl: deleted
6/30/2007 8:25:45 AM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Colsen][Subject:Message is infected : The picture is sent on SMS][Time:2005/06/26 18:46:07]\In_park.zip\f22-013.exe: detected virus Email-Worm.Win32.Bagle.bq
6/30/2007 8:25:57 AM Mail attachment Outlook\Personal Folders\Top of Personal Folders\Deleted Items\[From:Colsen][Subject:Message is infected : The picture is sent on SMS][Time:2005/06/26 18:46:07]\In_park.zip\f22-013.exe: is not disinfected, skipped by user
6/30/2007 8:43:42 AM Update completed successfully.


Reports
-------
Task                  Status     Start                   Finish                  Size
----                  ------     -----                   ------                  ----
File Anti-Virus       running    6/29/2007 8:16:38 PM                            1.9 MB
Mail Anti-Virus       running    6/29/2007 8:16:38 PM                            7.8 KB
Scan Startup Objects  completed  6/29/2007 9:27:13 PM    6/29/2007 9:29:47 PM    827.1 KB
Scan My Computer      completed  6/29/2007 9:47:18 PM    6/30/2007 8:26:00 AM    0 bytes
Update                completed  6/29/2007 10:17:29 PM   6/29/2007 10:18:18 PM   11.5 KB
Update                completed  6/30/2007 12:18:43 AM   6/30/2007 12:19:09 AM   11 KB
Update                completed  6/30/2007 2:20:14 AM    6/30/2007 2:20:41 AM    10.6 KB
Update                completed  6/30/2007 4:22:15 AM    6/30/2007 4:24:24 AM    10.1 KB
Update                completed  6/30/2007 6:32:28 AM    6/30/2007 6:32:40 AM    10.6 KB
Update                completed  6/30/2007 8:42:32 AM    6/30/2007 8:43:41 AM    11 KB
Scan My Computer      stopped    6/30/2007 10:09:22 AM   6/30/2007 10:45:33 AM   13.8 KB


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Infected: virus Email-Worm.Win32.Magistr.a C:\Documents and Settings\Christian\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\Brian.dbx 342.2 MB
Infected: virus Virus.MSWord.Class.fm C:\Documents and Settings\Christian\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\Inbox.dbx 1.5 GB
Infected: virus Virus.MSWord.Class.fm C:\Documents and Settings\Christian\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\Sent Items.dbx 1.3 GB
Infected: virus Email-Worm.Win32.Bagle.bq C:\Documents and Settings\Christian\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\Deleted Items.dbx 47.4 MB
Infected: Trojan program Trojan.Win32.DNSChanger.iu c:\system volume information\_restore{5d527826-05bd-4a83-8416-28acdda14001}\rp560\a0055283.exe 65 KB
Infected: Trojan program Trojan.Win32.DNSChanger.iu c:\windows\temp\kdgfu.ren 65 KB
Infected: virus Virus.MSWord.Class.fm C:\Documents and Settings\Christian\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\Joni.dbx 241.6 MB
Infected: Trojan program Trojan.Win32.DNSChanger.jb c:\documents and settings\all users\application data\symantec\norton antivirus\quarantine\45c66d91.exe 230.9 KB
Infected: Trojan program Trojan.Win32.CokeGift C:\Documents and Settings\Christian\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\Microsoft.dbx 10.2 MB
Infected: Trojan program Trojan.Win32.DNSChanger.jb c:\system volume information\_restore{5d527826-05bd-4a83-8416-28acdda14001}\rp563\a0055426.exe 230.9 KB
Infected: Trojan program Trojan-Clicker.HTML.Agent.a c:\documents and settings\christian\local settings\temp\temporary internet files\content.ie5\8hinwt6b\popup[1].htm 10.0 KB

#8 OFFLINE   Jackhole

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 30 June 2007 - 02:14 PM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:11:48 AM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\spyrus\Spex2Lib\SpyrusTray.exe
C:\Program Files\spyrus\Spex2Lib\rosreg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\MSDEV.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Christian\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 9.8.7.6:8585
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SpyrusTray] C:\Program Files\spyrus\Spex2Lib\SpyrusTray.exe
O4 - HKLM\..\Run: [SpyrusReg] C:\Program Files\spyrus\Spex2Lib\rosreg.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmu...vex/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...060/mcfscan.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - file://C:\Documents and Settings\Christian\Desktop\Platform SDK\PLAT_SDK\controls\sdkinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Trusted Remote Log Receive Files (RemoteLogReceiveFiles) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Trusted Remote Log Send Archive (RemoteLogSendArchive) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Trusted Remote Log Audit (RemoteLogSendAudit) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Trusted Remote Log Send Graphics (RemoteLogSendGraphics) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\RemoteLog.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Trusted Play Bets Extract (TrustedBetsExtract) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedBetsExtract.exe
O23 - Service: Trusted Play Extract (TrustedExtract) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedExtract.exe
O23 - Service: Trusted Play Maintenance (TrustedMaintenance) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedMaintenance.exe
O23 - Service: Trusted Play (TrustedPlay) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedPlay.exe
O23 - Service: Trusted Proxy (TrustedProxy) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedProxy.exe
O23 - Service: Trusted Play Winner Selection (TrustedWinsel) - Unknown owner - C:\Program Files\Szrek2Solutions\TrustedDraw\TrustedWinsel.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13098 bytes

#9 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 30 June 2007 - 05:55 PM

Do things seem back to normal?
Try running AVG Anti-Spyware and SUPERAntiSpyware from the spyware removal guide. Post back the logs if they work.

#10 OFFLINE   Jackhole

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 01 July 2007 - 02:29 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:25:51 AM 7/1/2007

+ Scan result:



C:\Documents and Settings\Christian\Desktop\Download\hypertunnelNT.zip/htc.exe -> Not-A-Virus.NetTool.Win32.HTTPTunnel.a : Ignored.
C:\Documents and Settings\Christian\Desktop\Download\hypertunnelNT.zip/hts.exe -> Not-A-Virus.NetTool.Win32.HTTPTunnel.a : Ignored.
C:\Program Files\hypertunnel\htc.exe -> Not-A-Virus.NetTool.Win32.HTTPTunnel.a : Ignored.
C:\Program Files\hypertunnel\hts.exe -> Not-A-Virus.NetTool.Win32.HTTPTunnel.a : Ignored.
C:\Documents and Settings\Christian\My Documents\Download\aircrack-2.41.zip/aircrack-2.41/win32/aircrack.exe -> Not-A-Virus.PSWTool.Win32.AirCrack.a : Ignored.
:mozilla.115:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.122:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.124:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.125:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.223:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.480:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.624:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.438:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.439:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.301:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adbureau : Cleaned.
:mozilla.91:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.58:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.59:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.60:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.61:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.68:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.783:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.785:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.76:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.77:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.78:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.79:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Christian\Local Settings\Temp\Cookies\christian@ads15.bpath[2].txt -> TrackingCookie.Bpath : Cleaned.
:mozilla.85:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.86:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.87:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.88:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.89:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.90:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.224:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.275:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Christian\Cookies\christian@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Christian\Local Settings\Temp\Cookies\christian@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Christian\Local Settings\Temp\Cookies\christian@google-cnet.com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Christian\Cookies\christian@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Christian\Cookies\christian@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Christian\Cookies\christian@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Christian\Local Settings\Temp\Cookies\christian@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.49:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.485:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.486:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.487:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.146:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.135:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.207:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.283:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.322:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.406:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.734:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.213:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.37:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.38:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.39:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.553:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.554:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.709:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.710:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.746:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.747:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.413:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.415:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.236:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Christian\Cookies\christian@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\Christian\Cookies\christian@search.live[2].txt -> TrackingCookie.Live : Cleaned.
:mozilla.539:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.541:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.167:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.168:C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\svx4vmkt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Christian\Cookies\christian@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.

::Report end

#11 OFFLINE   Jackhole

Posted 01 July 2007 - 02:30 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2007 at 01:36 AM

Application Version : 3.9.1008

Core Rules Database Version : 3261
Trace Rules Database Version: 1272

Scan type : Complete Scan
Total Scan Time : 01:32:09

Memory items scanned : 593
Memory threats detected : 0
Registry items scanned : 7304
Registry threats detected : 0
File items scanned : 50468
File threats detected : 12

Adware.Tracking Cookie

#12 OFFLINE   Jackhole

Posted 01 July 2007 - 02:31 PM

Everything does seem to be back to normal now. Thanks for the expert help!