When my computer starts up it has a message say that "your computer is infected" it has a red circle and a white cross in the middle.I've tried adware and virus scans but when i delete what shows up and reboot the infection is still there? also the computer runs very slow and every time i open internet explorer it closes down by its self.I have no idea but i cant remove my Norton Internet Security

Logfile of HijackThis v1.99.1
Scan saved at 6:47:20 PM, on 12/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\sistray.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Aws\WeatherBug\weatherbug.exe
C:\WINDOWS\XBLKg_free_trialcard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\xpupdate.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\mcappins.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINPENJR\Win32\acremchk.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\3.3.5\LimeWire.exe
C:\Program Files\MiniPopupKiller\mpk.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\PROGRA~1\SOFTWA~1\soproc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://faxmnsgcymjm.net/DSjtltJc/tot.../DhSBzo9cN.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;localhost;<local>
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "
F3 - REG:win.ini: run=C:\WINDOWS\inet20091\services.exe
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: ClosePopup Class - {2645D297-DD4B-4DD3-BAB0-34D4BB8F7EE6} - C:\Program Files\MiniPopupKiller\cpw.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TChkBHO Class - {8181D787-A7EE-45C8-B6F1-5EAE5CDB4B74} - C:\WINDOWS\system32\nvilgo.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - (no file)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Fs1lmF0ÔÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [Fs1lmF0Ô*ú*ÀaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Á³# K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [4fba9f4v] C:\WINDOWS\system32\4fba9f4v.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ifmzsr] C:\WINDOWS\ifmzsr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [VSProSetup] C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\Aws\WeatherBug\weatherbug.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [autoexec] C:\WINDOWS\XBLKg_free_trialcard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\3.3.5\LimeWire.exe
O4 - Startup: Mpk.lnk = C:\Program Files\MiniPopupKiller\mpk.exe
O4 - Startup: MSNP13 Downgrader.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: PenPower Email Touchpad.lnk = ?
O4 - Global Startup: PenPower PenKeyboard.lnk = C:\WINPENJR\win32\penkeybd.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.h tm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: ConferenceRoom Java Client - http://chat.bigpond.com/java/cr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: gdimxp - C:\WINDOWS\SYSTEM32\gdimxp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

Please disable or temporarily uninstall:

MiniPopupKiller
Adblocker



You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items – to avoid horrible clutter and potential lost backup issues.

It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.

Create a new folder in your C: Drive. Name it HJT (or HijackThis) such as C:\Program Files\HJT, C:\HJT and move the HijackThis.exe file in it. Run HJT from there (and revise your shortcut accordingly).




See if you can run the following scan:

Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.

Read over the following directions. Ask if anything appears unclear to you.


Download Clean.bat to your desktop: for later use to clean out your TEMPORARY and PREFETCH files.
http://www.thatcomputerguy.us/downloads/clean.bat



We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.




HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:

• Temporary Internet Files
• Downloaded Program Files
• Recycle Bin
• Temporary Files

Click OK or Enter

For additional, more thorough cleaning and for multi-profile user configurations:
(*) Run Clean.bat to clean up your TEMPorary files.

***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


DELETE APPLICATION FOLDERS:

1. Go to Add/Remove Programs

1. In Control Panel>Add/Remove Programs look for any CLEARLY related entries for unwanted items listed below (or anything else you need to investigate or did not put in there).
   
   
2. UNINSTALLER Alternate SEARCH: Otherwise, advisable to locate and try right-clicking on any of the given SEARCH FOLDER items below and further search (tick include subdirectories) for the following exact text:
   
   UN*.EXE, *UN*.EXE
   
   This may reveal an uninstaller with label terms such as '...uninstall...EXE', ‘unins000’, or 'unwise.EXE'. Double-click that EXE, if one is found, to remove that particular FOLDER and it contents. Thereafter, check to ensure that the folder is completely gone. Otherwise, consider deleting the folder in question.

-----> C:\Program Files\ISTsvc
-----> C:\Program Files\SpySpotter3
-----> C:\Program Files\MessengerPlus! 3
-----> C:\Program Files\WebRebates4


POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

Sorry Vince didn't see you.

The problem is still their it still says "your computer is infected ect:" I i found a file call E-nrgyPlus ? but here are logs i am unable to put the scan report but i loaded it on ysi =http://s7.yousendit.com/d.aspx?id=2M...92MHPJDSYRL3RQ I dont understander this part

[# UNINSTALLER Alternate SEARCH: Otherwise, advisable to locate and try right-clicking on any of the given SEARCH FOLDER items below and further search (tick include subdirectories) for the following exact text:

UN*.EXE, *UN*.EXE

This may reveal an uninstaller with label terms such as '...uninstall...EXE', ‘unins000’, or 'unwise.EXE'. Double-click that EXE, if one is found, to remove that particular FOLDER and it contents. Thereafter, check to ensure that the folder is completely gone. Otherwise, consider deleting the folder in question.]

Logfile of HijackThis v1.99.1
Scan saved at 5:39:50 PM, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Aws\WeatherBug\weatherbug.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\xpupdate.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINPENJR\Win32\acremchk.exe
C:\Program Files\LimeWire\3.3.5\LimeWire.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\mcappins.exe
C:\PROGRA~1\SOFTWA~1\soproc.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://faxmnsgcymjm.net/DSjtltJc/tot.../DhSBzo9cN.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;localhost;<local>
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "
F3 - REG:win.ini: run=C:\WINDOWS\inet20091\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TChkBHO Class - {8181D787-A7EE-45C8-B6F1-5EAE5CDB4B74} - C:\WINDOWS\system32\nvilgo.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Fs1lmF0ÔÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [Fs1lmF0Ô*ú*ÀaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Á³# K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [4fba9f4v] C:\WINDOWS\system32\4fba9f4v.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ifmzsr] C:\WINDOWS\ifmzsr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [VSProSetup] C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\Aws\WeatherBug\weatherbug.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\3.3.5\LimeWire.exe
O4 - Startup: Mpk.lnk = C:\Program Files\MiniPopupKiller\mpk.exe
O4 - Startup: MSNP13 Downgrader.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: PenPower Email Touchpad.lnk = ?
O4 - Global Startup: PenPower PenKeyboard.lnk = C:\WINPENJR\win32\penkeybd.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.h tm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: ConferenceRoom Java Client - http://chat.bigpond.com/java/cr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: gdimxp - C:\WINDOWS\SYSTEM32\gdimxp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe

i am unable to put the scan report but i loaded it on ysi =http://s7.yousendit.com/d.aspx?id=2...M92MHPJDSYRL3RQ

There was a posting character limit that has been adjusted as of today. Try posting again or post it in multiple posts if necessary (maybe some very valuable feedback there).

The download link that you provided appears to have an unacceptible potential 'drive-by download' risk profile - see the following link. Such a site may be a possible source of infection content and not be trustworthy:

http://www.siteadvisor.com/sites/yousendit.com

This site appears to have a business relationship with Zango, a known provider of adware, spyware or other unwanted programs. Use caution before downloading from this site.

I dont understander this part

[# UNINSTALLER Alternate SEARCH: Otherwise, advisable to locate and try right-clicking on any of the given SEARCH FOLDER items below and further search (tick include subdirectories) for the following exact text:

UN*.EXE, *UN*.EXE

Lets see if the following instructions are any clearer:



For the ‘’Program File’ items of interest, if you can locate a similarly named application in Add/Remove Programs remove it there.

Otherwise, navigate to C:\Program Files in WINDOWS EXPLORER (or use <‘Windows Key’>+<E>).
Right-click on the ‘Program Files’ FOLDER and select ‘FIND’.


Search for files with the following exact text (paste that exact text in the search box):

*UNI*.EXE, *UNW*.EXE

For any ‘Program File’ FOLDERS of interest: --- If you can locate a file that has the following terms such as '...uninstall...EXE', ‘unins000’, or 'unwise.EXE', you have located an uninstaller for that application. Double-click that EXE, if one is found, to remove that particular application FOLDER and it contents. Thereafter, check to ensure that the folder of interest is completely gone. Otherwise, consider deleting the folder in question.





SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O4 - HKCU\..\Run: [SOPROC_REGSOALERTWXLITENNAJ] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj

O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/insta.../sinstaller.cab

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:57:20 PM, 13/03/2006
+ Report-Checksum: 5DF3337A

+ Scan result:

HKLM\SOFTWARE\Classes\Replace.HBO -> Adware.CoolWebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Replace.HBO.1 -> Adware.CoolWebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Instal ler -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Instal ler\CLSID -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Instal ler\CurVer -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Instal ler.1 -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinsta ller -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinsta ller\CLSID -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinsta ller\CurVer -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinsta ller.1 -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\FENX -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup
HKU\S-1-5-21-181486688-3301028022-890924152-1003\Software\Microsoft\Internet Explorer\Keywords -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-181486688-3301028022-890924152-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED} -> Adware.MWSearch : Cleaned with backup
HKU\S-1-5-21-181486688-3301028022-890924152-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-181486688-3301028022-890924152-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup
HKU\S-1-5-21-181486688-3301028022-890924152-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup
HKU\S-1-5-21-181486688-3301028022-890924152-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} -> Adware.MWSearch : Cleaned with backup
[3784] C:\WINDOWS\XBLKg_free_trialcard.exe -> Trojan.VB.hn : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup
:mozilla.17:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.18:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.25:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.27:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.39:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.42:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\aybecfz9.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.12:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.33:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.37:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.50:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.51:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.54:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.55:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.63:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.64:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.65:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.66:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.67:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.69:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.70:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.71:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.72:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.83:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.84:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.88:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.89:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.101:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.103:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.104:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.105:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.118:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.120:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.121:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.122:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.123:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.132:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.133:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.135:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.136:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.140:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.169:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.171:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.172:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.173:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.177:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.178:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.179:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.180:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.181:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.182:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.200:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.201:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.202:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.231:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.232:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.243:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.262:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.284:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.285:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.286:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.293:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.294:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.302:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.309:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.341:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.359:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.360:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.361:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.362:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.366:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.367:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.370:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.396:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.402:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.409:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.410:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.415:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.416:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.417:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.421:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.424:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.425:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.452:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.473:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.474:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.475:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.476:C:\Documents and Settings\k-sparky-k\Application Data\Mozilla\Firefox\Profiles\c1jmjj1g.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Application Data\Starware\MasterOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Application Data\Starware\ProductOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Application Data\Starware\ToolbarOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temp\1B6.tmp -> Downloader.Small.clo : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temp\1B7.tmp -> Downloader.Small.cms : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temp\2591.tmp -> Trojan.Agent.fs : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temp\6.qtdfmp -> Downloader.Small.atl : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temp\Cookies\k-sparky-k@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temp\Cookies\k-sparky-k@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temp\fapkagkf.exe -> Downloader.Small.ckj : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temp\nkdaaifk.exe -> Downloader.CWS.s : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temp\Rar$EX01.890\crack.exe -> Downloader.Small.ckj : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temporary Internet Files\Content.IE5\E78RVKL8\kl[1].txt -> Logger.Small.dg : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temporary Internet Files\Content.IE5\E78RVKL8\mart_05[1].exe -> Proxy.Agent.hs : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temporary Internet Files\Content.IE5\E78RVKL8\ms1[1].txt -> Downloader.Tiny.al : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temporary Internet Files\Content.IE5\E78RVKL8\t1[1].exe -> Downloader.Small.clo : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temporary Internet Files\Content.IE5\EHCNY1W5\paytime[1].txt -> Hijacker.StartPage.adi : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temporary Internet Files\Content.IE5\EHCNY1W5\rb[1].dll -> Downloader.Agent.aav : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temporary Internet Files\Content.IE5\SZ63UPQ9\country[1].htm -> Logger.Banker.atw : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temporary Internet Files\Content.IE5\VIJPLD7B\gsdj[1].exe -> Downloader.Small.cms : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temporary Internet Files\Content.IE5\VIJPLD7B\tool2[1].txt -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\Documents and Settings\k-sparky-k\Local Settings\Temporary Internet Files\Content.IE5\VIJPLD7B\wm2[1] -> Trojan.Agent.fs : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dhts87h.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Starware\MasterOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Starware\ProductOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Starware\ToolbarOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\NNCPUR638.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll -> Logger.Small.dg : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Adware.WinAD : Cleaned with backup
C:\Program Files\mozilla.org\Mozilla\plugins\npzango.dll -> Adware.WinAD : Cleaned with backup
C:\Program Files\Starware -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\bin -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\brand.bmp -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\buttons -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\buttons\screensaver.bmp -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\buttons\Thumbs.db -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\contexts -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\contexts\Related.xml -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\contexts\Travel.xml -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\icons -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\icons\star_16.ico -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\StarwareConfig.xml -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\StarwareUninstall.exe -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\Thumbs.db -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\xml -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\xml\GlobalInfo.xml -> Adware.Starware : Cleaned with backup
C:\Program Files\Starware\xml\SimpleUpdate.xml -> Adware.Starware : Cleaned with backup
C:\WINDOWS\avalon_6.txt -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\int_ver34.ocx -> Dialer.VB.j : Cleaned with backup
C:\WINDOWS\inet20091\3.02.00.dll -> Adware.Ihbo : Cleaned with backup
C:\WINDOWS\inet20091\mm5.exe.bak -> Logger.Delf.ig : Cleaned with backup
C:\WINDOWS\inet20091\mm6.exe.bak -> Logger.Delf.ig : Cleaned with backup
C:\WINDOWS\system32\kafumr\iestart.exe -> Hijacker.StartPage.agz : Cleaned with backup
C:\WINDOWS\Temp\1361.tmp -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\Temp\408F.tmp -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\Temp\7CD0.tmp -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\Temp\7CFF.tmp -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\Temp\8501.tmp -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\Temp\8E64.tmp -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\Temp\A40F.tmp -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\Temp\B784.tmp -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\XBLKg_free_trialcard.exe -> Trojan.VB.hn : Cleaned with backup


::Report End

Ewido showed a couple of fix errors. I need you to appy the outstanding fixes and to post a revised HJT log in order to make any headway here.

well the computer is abit faster and internet expore work but i still have the pop up that says "computer is affected" but here are my logs

Logfile of HijackThis v1.99.1
Scan saved at 3:39:14 PM, on 14/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Aws\WeatherBug\weatherbug.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\xpupdate.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINPENJR\Win32\acremchk.exe
C:\Program Files\LimeWire\3.3.5\LimeWire.exe
C:\Program Files\MSN Messenger\MSNP13Downgrader.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\mcappins.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://faxmnsgcymjm.net/DSjtltJc/tot.../DhSBzo9cN.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;localhost;<local>
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "
F3 - REG:win.ini: run=C:\WINDOWS\inet20091\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TChkBHO Class - {8181D787-A7EE-45C8-B6F1-5EAE5CDB4B74} - C:\WINDOWS\system32\nvilgo.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Fs1lmF0ÔÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [Fs1lmF0Ô*ú*ÀaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Á³# K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [4fba9f4v] C:\WINDOWS\system32\4fba9f4v.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ifmzsr] C:\WINDOWS\ifmzsr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [VSProSetup] C:\DOCUME~1\K-SPAR~1\LOCALS~1\Temp\vsp9enus.tmp\setup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\Aws\WeatherBug\weatherbug.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\3.3.5\LimeWire.exe
O4 - Startup: Mpk.lnk = C:\Program Files\MiniPopupKiller\mpk.exe
O4 - Startup: MSNP13 Downgrader.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: PenPower Email Touchpad.lnk = ?
O4 - Global Startup: PenPower PenKeyboard.lnk = C:\WINPENJR\win32\penkeybd.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.h tm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: ConferenceRoom Java Client - http://chat.bigpond.com/java/cr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: gdimxp - C:\WINDOWS\SYSTEM32\gdimxp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://faxmnsgcymjm.net/DSjtltJc/tot.../DhSBzo9cN.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "
F3 - REG:win.ini: run=C:\WINDOWS\inet20091\services.exe

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: TChkBHO Class - {8181D787-A7EE-45C8-B6F1-5EAE5CDB4B74} - C:\WINDOWS\system32\nvilgo.dll (file missing)

O4 - HKLM\..\Run: [FS1LMF0ÔÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [FS1LMF0Ô*Ú*ÀAÎŽAAØYC:\PROGRAM FILES\ISTSVC\ISTSVC.EXE] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [Á³# K"H'Þ9ÓŒ÷3RÅWC:\PROGRAM FILES\ISTSVC\ISTSVC.EXE] C:\WINDOWS\wmvuuxrq.exe
O4 - HKLM\..\Run: [4FBA9F4V] C:\WINDOWS\system32\4fba9f4v.exe
O4 - HKLM\..\Run: [SPYSPOTTER SYSTEM DEFENDER] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [IFMZSR] C:\WINDOWS\ifmzsr.exe
O4 - HKLM\..\Run: [MESSENGERPLUS3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MESSENGERPLUS3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [WINDOWS UPDATE LOADER] C:\Windows\xpupdate.exe

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.




1) Please download the Killbox.
Unzip it to the desktop and run it.

2) Select "Delete on Reboot".
3) Then Click the "All Files" button.

4) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\inet20091
C:\WINDOWS\wmvuuxrq.exe
C:\WINDOWS\system32\4fba9f4v.exe
C:\WINDOWS\ifmzsr.exe
C:\Windows\xpupdate.exe

5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" to reboot next.




POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

Even though things should be much improved, there will be more to do after this.