MSN, Hotmail services not working computer not in order (RESOLVED)

  1. #1
    biggam is offline Newbie

    Hi

    My internet is working fine, but my MSN is not letting me sign in, the Hotmail website is not loading up and I have a feeling the computer is not in order.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:03:15, on 01/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\windows\system32\wscntfy.exe
    C:\windows\System32\alg.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Amr\My Documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Winstj] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstw] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstl] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstq] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstg] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstv] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsta] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstb] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsth] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstd] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstt] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsty] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsto] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstk] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstz] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstp] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstr] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstx] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstm] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsts] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsti] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstn] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstc] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstf] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstu] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winste] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\sniffer.dll
    O10 - Unknown file in Winsock LSP: c:\sniffer.dll
    O10 - Unknown file in Winsock LSP: c:\sniffer.dll
    O10 - Unknown file in Winsock LSP: c:\sniffer.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

    Thank you


  2. #2
    Neal is offline Dedicated Member
    Welcome,



    Create a folder such as C:\HJT or C:\Program Files\HJT and move HJT.exe into the newly created folder so we can have available backups in case you fix the wrong thing or I make a mistake. Very important.


    Did you install a program on your computer called sniffer?


    I need you to try something for me: after you put HijackThis in the proper place as described above, go to hijackthis.exe, right-click it, rename it to bunny.exe and post a log from the newly renamed hijackthis.exe.

    I have a feeling something else may be hiding and renaming HijackThis may show it.


    Also...

    I do not see an anti-virus program on your computer; Spyware Doctor is not enough to protect you.


    Free anti-virus program:

    Avast: http://www.avast.com/eng/avast_4_home.html



    INSTRUCTIONS FOR USING AVG ANTI-SPYWARE in "NORMAL MODE"

    Download and scan with AVG Anti-Spyware
    1. After download, double click on the file to launch the install process.
    2. Choose a language, click "OK" and then click "Next".
    3. Read the "License Agreement" and click "I Agree".
    4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
    7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    8. Go to Start > Run and type: services.msc

    * Press "OK".
    * Click the "Extended" tab and scroll down the list to find AVG Anti-Spyware guard.
    * When you find the guard service, double-click on it.
    * In the Properties Window > General Tab that opens, click the "Stop" button.
    * From the drop-down menu next to "Startup Type", click on "Manual".
    * Now click "Apply", then "OK" and close the Services window.

    9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from HERE.

    Once the updates are installed do the following:
    1. Click on the "Scanner" button and choose the "Settings" tab.

    * Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    * Under "How to Scan?" check all (default).
    * Under "Possibly unwanted software" check all (default).
    * Under "What to Scan?" make sure "Scan every file" is selected (default).
    * Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

    2. Click the "Scan" tab to return to scanning options.
    3. Click "Complete System Scan" to start.
    4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

    IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

    5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    6. Exit AVG Anti-Spyware when done and submit the log report in your next response.

    Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

  3. #3
    biggam is offline Newbie
    Logfile of HijackThis v1.99.1
    Scan saved at 21:12:07, on 02/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\windows\System32\alg.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\windows\system32\wscntfy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\bunny.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Winstj] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstw] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstl] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstq] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstg] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstv] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsta] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstb] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsth] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstd] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstt] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsty] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsto] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstk] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstz] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstp] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstr] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstx] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstm] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsts] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsti] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstn] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstc] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstf] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstu] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winste] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\sniffer.dll
    O10 - Unknown file in Winsock LSP: c:\sniffer.dll
    O10 - Unknown file in Winsock LSP: c:\sniffer.dll
    O10 - Unknown file in Winsock LSP: c:\sniffer.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

    I am doing the AVG Anti-Spyware scan now.

  4. #4
    biggam is offline Newbie
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 22:06:45 02/11/2006

    + Scan result:



    C:\System Volume Information\_restore{4CEBBCA9-7D7D-4313-8CDD-60AAAF11EAA6}\RP25\A0003009.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CEBBCA9-7D7D-4313-8CDD-60AAAF11EAA6}\RP25\A0003002.DLL -> Adware.IWon : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CEBBCA9-7D7D-4313-8CDD-60AAAF11EAA6}\RP25\A0003024.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{269C939B-B203-451A-9FDE-2007E6DC6CBA}\RP7\A0000794.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{269C939B-B203-451A-9FDE-2007E6DC6CBA}\RP7\A0000822.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{269C939B-B203-451A-9FDE-2007E6DC6CBA}\RP6\A0000592.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{269C939B-B203-451A-9FDE-2007E6DC6CBA}\RP6\A0000593.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{269C939B-B203-451A-9FDE-2007E6DC6CBA}\RP6\A0000594.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{269C939B-B203-451A-9FDE-2007E6DC6CBA}\RP6\A0000595.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{269C939B-B203-451A-9FDE-2007E6DC6CBA}\RP6\A0000596.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CEBBCA9-7D7D-4313-8CDD-60AAAF11EAA6}\RP25\A0002991.DLL -> Downloader.IstBar : Cleaned with backup (quarantined).
    C:\Documents and Settings\Amr\Local Settings\Temporary Internet Files\Content.IE5\0TH9AMTO\loaderg[1].exe -> Downloader.Small.cxz : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CEBBCA9-7D7D-4313-8CDD-60AAAF11EAA6}\RP31\A0004743.exe -> Hijacker.Small.lt : Cleaned with backup (quarantined).
    C:\Sniffer.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CEBBCA9-7D7D-4313-8CDD-60AAAF11EAA6}\RP31\A0004744.exe/Sniffer.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
    [1092] c:\Sniffer.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
    [1320] c:\Sniffer.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
    [1364] c:\Sniffer.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
    [1412] c:\Sniffer.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
    [1476] c:\Sniffer.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
    [1488] c:\Sniffer.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
    [1644] c:\Sniffer.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
    [2160] c:\Sniffer.dll -> Logger.Agent.pa : Cleaned with backup (quarantined).
    C:\3611010322512672531.exe -> Proxy.Agent.ln : Cleaned with backup (quarantined).
    :mozilla.6:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@marksandspencer.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@axa.addcontrol[1].txt -> TrackingCookie.Addcontrol : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
    :mozilla.37:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@promo.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.13:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wfk4qlczmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wfkyeicjskp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wfl4ehd5egp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wflikpdpkgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wflycodpmeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wgkiwod5afo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wgkokgaziaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wgl4klcpkfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6whkikkd5gap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6whkysncjelp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6whmiwndjsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wjk4gnazido.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wjkoqocjalo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wjl4cpcpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wjlicjcjofo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@e-2dj6wjlyukd5wko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.33:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.35:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@ehg-autotrader.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@ehg-euromonitor.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.38:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@spinbox[2].txt -> TrackingCookie.Spinbox : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
    :mozilla.23:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.29:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.30:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.31:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.32:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.14:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.15:C:\Documents and Settings\Amr\Application Data\Mozilla\Firefox\Profiles\xomre2fh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Amr\Cookies\amr@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    D:\System Volume Information\_restore{FA970901-4E63-4389-9B5D-D6DB4B67E39B}\RP59\A0074754.exe -> Trojan.Smurf.d : Cleaned with backup (quarantined).


    ::Report end

  5. #5
    Neal is offline Dedicated Member
    Hi,



    Download LSPfix here:
    http://www.cexx.org/lspfix.htm
    Or here:
    http://www.snapfiles.com/get/lspfix.html
    or here:
    http://majorgeeks.com/download625.html

    To run it be sure you are NOT connected to the Internet.

    Launch the application, and click the "I know what I'm doing" checkbox.

    Check all instances of sniffer.dll (and nothing else), and move them to the "Remove" pane.
    Then click Finish.
    Go to c:\windows\system32\sniffer.dll (could be at a different location) and delete the sniffer.dll file.
    Reboot your computer. A full power down reboot.


    To find and delete sniffer.dll:

    Navigate to this file using Windows Explorer (OR Start -> Search) and delete (if present):


    Post a new HijackThis log please.
    Last edited by Neal; 03-11-2006 at 06:16 AM.
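
The follow-up log requested above can be compared against the earlier one mechanically. The script below is an added example, not part of the original posts or of HijackThis: it flags `O10` unknown Winsock LSP entries and groups of `O4` Run values that all start the same file, then reports which flags disappeared between two logs. The function names, the three-value threshold and the choice of what to flag are assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Added example, not code from the thread. Sample lines are copied from the
# HijackThis logs posted above, cut down to three of the Winst* Run values.
BEFORE_LOG = r"""
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Winstj] C:\3611010322512673937.exe
O4 - HKCU\..\Run: [Winstw] C:\3611010322512673937.exe
O4 - HKCU\..\Run: [Winstl] C:\3611010322512673937.exe
O10 - Unknown file in Winsock LSP: c:\sniffer.dll
O10 - Unknown file in Winsock LSP: c:\sniffer.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""

AFTER_LOG = r"""
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Winstj] C:\3611010322512673937.exe
O4 - HKCU\..\Run: [Winstw] C:\3611010322512673937.exe
O4 - HKCU\..\Run: [Winstl] C:\3611010322512673937.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (.*)$", re.IGNORECASE)
UNQUOTED_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)",
                         re.IGNORECASE)
ROOT_FILE_RE = re.compile(r"^[a-z]:\\[^\\]+$")                   # file directly in a drive root


def run_target(command):
    """Return the lower-cased program path of a Run command, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end != -1 else command[1:]).lower()
    match = UNQUOTED_RE.match(command)
    return (match.group(1) if match else command).lower()


def triage(log_text, min_cluster=3):
    """Map (kind, path) -> details for entries worth a manual look.

    Heuristics (assumptions of this example, not HijackThis verdicts):
      run-cluster: at least min_cluster Run value names start the same file
      unknown-lsp: HijackThis itself reported an unknown Winsock LSP file
    """
    run_names = defaultdict(set)
    lsp_counts = defaultdict(int)
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line)
        if not entry:
            continue                      # header, process list or blank line
        section, body = entry.groups()
        if section == "O4":
            run = RUN_RE.match(body)
            if run:                       # Startup-folder O4 lines are skipped
                run_names[run_target(run.group(4))].add(run.group(3))
        elif section == "O10":
            lsp = LSP_RE.match(body)
            if lsp:
                lsp_counts[lsp.group(1).strip().lower()] += 1

    findings = {}
    for target, names in run_names.items():
        if len(names) >= min_cluster:
            findings[("run-cluster", target)] = {
                "values": len(names),
                "drive_root": bool(ROOT_FILE_RE.match(target)),
            }
    for path, count in lsp_counts.items():
        findings[("unknown-lsp", path)] = {"entries": count}
    return findings


def remediation_delta(before_text, after_text):
    """Compare two logs: which flagged entries went away, stayed, or appeared."""
    before, after = set(triage(before_text)), set(triage(after_text))
    return {
        "resolved": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    for status, items in remediation_delta(BEFORE_LOG, AFTER_LOG).items():
        for kind, path in items:
            print(f"{status:9} {kind:12} {path}")
```

A "remaining" entry is a prompt for manual review of that file, not a detection verdict.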

  6. #6
    biggam is offline Newbie
    There wasn't sniffer.dll listed.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:59:14, on 03/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\windows\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\windows\System32\alg.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\bunny.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Winstj] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstw] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstl] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstq] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstg] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstv] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsta] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstb] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsth] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstd] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstt] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsty] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsto] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstk] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstz] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstp] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstr] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstx] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstm] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsts] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsti] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstn] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstc] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstf] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstu] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winste] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  7. #7
    VopThis is offline Senior Member (Canada)
    Neal is away for the next few days. I can continue to assist you if you wish.


    You don't appear to be running any real-time antivirus tool. Please advise.




    Please submit the following file to VirusTotal for their immediate feedback on the possible nature of that file (post any feedback received, please):

    http://www.virustotal.com/
    C:\3611010322512673937.exe (or similar)



    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...tup1.0.0.15.cab

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    Post your latest HijackThis log - that will verify the potential random nature of the above file (C:\36110.....)

  8. #8
    biggam is offline Newbie
    I can't find 3611010322512673937.exe. I think someone went and deleted it from the C: drive.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:12:56, on 04/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\windows\system32\wscntfy.exe
    C:\windows\System32\alg.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Amr\My Documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Winstj] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstw] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstl] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstq] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstg] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstv] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsta] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstb] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsth] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstd] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstt] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsty] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsto] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstk] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstz] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstp] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstr] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstx] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstm] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsts] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsti] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstn] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstc] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstf] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstu] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winste] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  9. #9
    VopThis is offline Senior Member (Canada)
    Please ensure that your search start point was at C:\, otherwise that file will not be found.


    Try Start>Search (and paste the following in the Search BOX)
    C:\3611010322512673937.exe




    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O4 - HKCU\..\Run: [Winstj] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstw] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstl] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstq] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstg] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstv] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsta] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstb] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsth] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstd] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstt] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsty] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsto] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstk] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstz] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstp] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstr] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstx] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstm] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsts] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winsti] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstn] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstc] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstf] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winstu] C:\3611010322512673937.exe
    O4 - HKCU\..\Run: [Winste] C:\3611010322512673937.exe

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

  10. #10
    biggam is offline Newbie
    Logfile of HijackThis v1.99.1
    Scan saved at 18:33:39, on 05/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\windows\system32\wscntfy.exe
    C:\windows\System32\alg.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Amr\My Documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓÆµ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
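
    The pattern in the logs above (many differently named Run values that all launch one all-digit executable in the root of C:) and the before/after comparison that a revised log allows can both be checked by script. The Python below is an added example, not part of the thread or of HijackThis; its function names and the `min_names` threshold are assumptions, and the two flags are heuristics, not proof of infection.

```python
import re
from collections import defaultdict

# Abbreviated from the O4 sections of the logs in this thread: three of the
# 26 Winst* values are kept, every other section is omitted.
LOG_BEFORE = r'''
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Winstj] C:\3611010322512673937.exe
O4 - HKCU\..\Run: [Winstw] C:\3611010322512673937.exe
O4 - HKCU\..\Run: [Winstl] C:\3611010322512673937.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
'''
LOG_AFTER = r'''
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
'''

# Registry autoruns only; "O4 - Startup:" shortcut lines have no [name] and are skipped.
O4_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)
DIGIT_ROOT_EXE = re.compile(r'^[a-z]:\\\d+\.exe$', re.I)

def parse_o4(log):
    """Return (registry key, value name, executable path) per O4 registry line."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            exe = EXE_RE.match(m['cmd'])
            path = (exe.group(1) or exe.group(2)) if exe else m['cmd']
            entries.append((m['key'], m['name'], path))
    return entries

def suspicious_targets(entries, min_names=2):
    """Heuristic with assumed thresholds: map flagged path -> list of reasons."""
    names_by_path = defaultdict(set)
    for _key, name, path in entries:
        names_by_path[path.lower()].add(name)
    flagged = {}
    for path, names in names_by_path.items():
        reasons = []
        if len(names) >= min_names:
            reasons.append(f"{len(names)} value names launch the same file")
        if DIGIT_ROOT_EXE.match(path):
            reasons.append("all-digit executable in the drive root")
        if reasons:
            flagged[path] = reasons
    return flagged

def diff_autoruns(before, after):
    """Return (removed, added) sets of (value name, path) between two logs."""
    b = {(n, p.lower()) for _k, n, p in parse_o4(before)}
    a = {(n, p.lower()) for _k, n, p in parse_o4(after)}
    return b - a, a - b
```

    Run against full logs, `diff_autoruns` only covers the O4 registry lines; entries that appear in other sections between scans need the same comparison on their own line types.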
