Www zestyfind com cgi bin search cgi keywords dating

Rogue Remover 1.15S3Display S3Gamma2S3Info2S3Overlay Security Update for Microsoft . EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. \Companion\Installs\cpn0\O2 - BHO: Adobe PDF Reader Link Helper - - C:\Program Files\Adobe\Acrobat 7.0\Active X\Acro O2 - BHO: (no name) - - C:\Program Files\Microsoft Money\System\O2 - BHO: Yahoo! \Common\O2 - BHO: SSVHelper Class - - C:\Program Files\Java\jre1.5.0_10\bin\O3 - Toolbar: HP View - - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02O3 - Toolbar: Yahoo! \Companion\Installs\cpn0\O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\O4 - HKLM\..\Run: [Hot Keys Cmds] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Cam Monitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWu Schd.exe"O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\hphupd05O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD. \Common\O18 - Protocol: livecall - - C:\PROGRA~1\MSNMES~1\MSGRAP~1.

NET Framework 2.0 (KB917283)Security Update for Microsoft . EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1.

NET Framework 2.0 (KB922770)Security Update for Step By Step Interactive Training (KB898458)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB928090)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows Media Player 9 (KB917734)Security Update for Windows XP (KB890046)Security Update for Windows XP (KB893756)Security Update for Windows XP (KB896358)Security Update for Windows XP (KB896423)Security Update for Windows XP (KB896424)Security Update for Windows XP (KB896428)Security Update for Windows XP (KB899587)Security Update for Windows XP (KB899591)Security Update for Windows XP (KB900725)Security Update for Windows XP (KB901017)Security Update for Windows XP (KB901214)Security Update for Windows XP (KB902400)Security Update for Windows XP (KB905414)Security Update for Windows XP (KB905749)Security Update for Windows XP (KB908519)Security Update for Windows XP (KB911562)Security Update for Windows XP (KB911927)Security Update for Windows XP (KB912919)Security Update for Windows XP (KB913580)Security Update for Windows XP (KB914388)Security Update for Windows XP (KB914389)Security Update for Windows XP (KB917344)Security Update for Windows XP (KB917422)Security Update for Windows XP (KB917953)Security Update for Windows XP (KB918118)Security Update for Windows XP (KB919007)Security Update for Windows XP (KB920213)Security Update for Windows XP (KB920670)Security Update for Windows XP (KB920683)Security Update for Windows XP (KB920685)Security Update for Windows XP (KB921398)Security Update for Windows XP (KB921883)Security Update for Windows XP (KB922616)Security Update for Windows XP (KB922819)Security Update for Windows XP (KB923191)Security Update for Windows XP (KB923414)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB923694)Security Update for Windows XP (KB923980)Security Update for Windows 
XP (KB924191)Security Update for Windows XP (KB924270)Security Update for Windows XP (KB924496)Security Update for Windows XP (KB924667)Security Update for Windows XP (KB925902)Security Update for Windows XP (KB926255)Security Update for Windows XP (KB926436)Security Update for Windows XP (KB927779)Security Update for Windows XP (KB927802)Security Update for Windows XP (KB928090)Security Update for Windows XP (KB928255)Security Update for Windows XP (KB928843)Security Update for Windows XP (KB930178)Security Update for Windows XP (KB931261)Security Update for Windows XP (KB931784)Security Update for Windows XP (KB932168)Slyder from Hewlett-Packard Desktops (remove only)Snes9x Sonic Update Manager Spam Subtract STX from Hewlett-Packard Desktops (remove only)toolkit Total Video Converter 3.10TUGZip 3.4Ultra Flash Video FLV Converter 2.0.2Update for Windows XP (KB898461)Update for Windows XP (KB900485)Update for Windows XP (KB904942)Update for Windows XP (KB908531)Update for Windows XP (KB910437)Update for Windows XP (KB911280)Update for Windows XP (KB914882)Update for Windows XP (KB916595)Update for Windows XP (KB920872)Update for Windows XP (KB922582)Update for Windows XP (KB929338)Update for Windows XP (KB931836)Updates from HPVentrilo Client Ventrilo Server Virtual Warfare from Hewlett-Packard Desktops (remove only)Weblink Windows Defender Windows Installer 3.1 (KB893803)Windows Internet Explorer 7Windows Live Messenger Windows Live One Care Windows Media Format Runtime Windows XP Hotfix - KB873339Windows XP Hotfix - KB885835Windows XP Hotfix - KB885836Windows XP Hotfix - KB886185Windows XP Hotfix - KB887472Windows XP Hotfix - KB888302Windows XP Hotfix - KB890859Windows XP Hotfix - KB891781Windows XP Service Pack 2Word Perfect Office 11World of Warcraft Yahoo! 
EXEC:\Program Files\Common Files\Real\Update_OB\C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\C:\WINDOWS\System32\C:\Program Files\Quick Time\C:\Program Files\i Tunes\i Tunes C:\Program Files\Common Files\Real\Update_OB\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\i Pod\bin\i Pod C:\Program Files\Messenger\C:\WINDOWS\system32\C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08C:\Program Files\Updates from HP7903\Program\Back Web-137903C:\Program Files\Motorola Wireless\WU830G USB Adapter\Od C:\Program Files\Motorola Wireless\WU830G USB Adapter\C:\Program Files\Mozilla Firefox\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. ]127.0.0.1 browser.secondpower.com127.0.0.1 download.secondpower.com127.0.0.1 www1.secondpower.com127.0.0.1 www3.#[KB320159]127.0.0.1 adserver.securityfocus.com127.0.0.1 sesso.com127.0.0.1 [email protected]]127.0.0.1 ds.serving-sys.com127.0.0.1 quasar.sitegauge.com127.0.0.1 tracker.sitescout.com127.0.0.1 advertpro.sitepoint.com127.0.0.1 adserver.#[nictechnetworks.com]127.0.0.1 #[Parasite. 
Ssppyy]127.0.0.1 link.startmake.com127.0.0.1 adsintl.starwave.com127.0.0.1 c1.statcounter.com127.0.0.1 js.statistici.ro127.0.0.1 log.statistici.ro127.0.0.1 s.statistici.ro127.0.0.1 reg.stats4all.com127.0.0.1 stats4you.com127.0.0.1 ctgbn.#[Backdoor. EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Edited by Nekoyasha, 13 April 2007 - AM. Elite Bar]127.0.0.1 install.searchmiracle.com127.0.0.1 641.searchmiracle.com127.0.0.1 10016.searchmiracle.com127.0.0.1 9310.searchmiracle.com127.0.0.1 Shop At Home Select]127.0.0.1 download1.#[ADW_SAHAGENT. A]127.0.0.1 downloads.shopathomeselect.com127.0.0.1 SAHAgent]127.0.0.1 skeech.com127.0.0.1 Zone site]127.0.0.1 smart2#[Trojan. 
Autoproxy]127.0.0.1 smart-browser.com127.0.0.1 update.#[Parasite. Smart Browser]127.0.0.1 smartclicks.net127.0.0.1 #[Restricted Zone site]127.0.0.1 sidebar.smarter.com127.0.0.1 com127.0.0.1 com127.0.0.1 EXEC:\Program Files\Common Files\Real\Update_OB\C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\C:\WINDOWS\System32\C:\Program Files\Quick Time\C:\Program Files\i Tunes\i Tunes C:\Program Files\Common Files\Real\Update_OB\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\i Pod\bin\i Pod C:\Program Files\Messenger\C:\WINDOWS\system32\C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08C:\Program Files\Updates from HP7903\Program\Back Web-137903C:\Program Files\Motorola Wireless\WU830G USB Adapter\Od C:\Program Files\Motorola Wireless\WU830G USB Adapter\C:\Program Files\Mozilla Firefox\C:\WINDOWS\system32\hostshosts file corrupted ! COM] C:\ C:\WINDOWS C:\WINDOWS\system C:\WINDOWS\Web C:\WINDOWS\system32 C:\Documents and Settings\Owner C:\Documents and Settings\Owner\Application Data Start Menu C:\DOCUME~1\Owner\FAVORI~1 Desktop C:\Program Files Corrupted keys Desktop Components Sharedtaskscheduler!!! H]127.0.0.1 de127.0.0.1 de127.0.0.1 theaffiliateprogram.com127.0.0.1 myaffiliateprogram.com127.0.0.1 adbot.theonion.com127.0.0.1 Risk. Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" App Init_DLLs!!! NET Framework 2.0Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2003Microsoft Money 2003 System Pack Microsoft National Language Support Downlevel APIs Microsoft Plus! 
Supaseek]127.0.0.1 rd1.#[Surfer NETWORK Plugin]127.0.0.1 www2.surveyfocus.com127.0.0.1 www2.#[microsoft]127.0.0.1 #[phishing exploit]127.0.0.1 Squatter]127.0.0.1 adpick.switchboard.com127.0.0.1 adtag.sympatico.ca127.0.0.1 scam]127.0.0.1 Moxie]127.0.0.1 tangozebra.com127.0.0.1 #[Trojan. H]127.0.0.1 adult.targetsearch.info127.0.0.1 go.targetsearch.info127.0.0.1 #[Backdoor. EXE""Storage Guard"="\"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe\" /r""Tk Bell Exe"="\"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot""Auto TKit"="C:\hp\bin\AUTOTKIT. EXE""Igfx Tray"="C:\WINDOWS\System32\igfxtray.exe""Quick Time Task"="\"C:\Program Files\Quick Time\qttask.exe\" -atboottime""i Tunes Helper"="\"C:\Program Files\i Tunes\i Tunes Helper.exe\"""Quick Finder Scheduler"="\"c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. \Companion\Installs\cpn0\O2 - BHO: Adobe PDF Reader Link Helper - - C:\Program Files\Adobe\Acrobat 7.0\Active X\Acro O2 - BHO: (no name) - - C:\Program Files\Microsoft Money\System\O2 - BHO: Yahoo! \Common\O2 - BHO: SSVHelper Class - - C:\Program Files\Java\jre1.5.0_10\bin\O3 - Toolbar: HP View - - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02O3 - Toolbar: Yahoo! \Companion\Installs\cpn0\O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\O4 - HKLM\..\Run: [Hot Keys Cmds] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Cam Monitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWu Schd.exe"O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\hphupd05O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD. \Common\O18 - Protocol: livecall - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. 

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0

EXE\"""Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide""One Care UI"="\"C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer.
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc.
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!!
O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]] Security Packages REG_MULTI_SZ kerberos[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.

*****************************

Launch HJThis, click 'Open the Misc Tools Section'.

EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.


07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]msv1_0[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]wdigest[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.

*****************************

Launch HJThis, click 'Open the Misc Tools Section'.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"
O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\
O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook
O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot
O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\
O4 - Startup: Auto
O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_
O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08
O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32
O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_
O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\

Smit Fraud Fix v2.166
Scan done at .25, Fri 04/13/2007
Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
Shared Task Scheduler Before Smit Fraud Fix!!!

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\
O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903
O8 - Extra context menu item: &Yahoo!

Attention, following keys are not inevitably infected!!!
Ri Search Shared Task Scheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]
""="frisbee"
[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]
@="C:\WINDOWS\system32\ygjun.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]
@="C:\WINDOWS\system32\ygjun.dll"
Killing process
hosts


EXE\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"Disable Task Mgr"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
""="frisbee"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
""="Microsoft Anti Malware Shell Execute Hook"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]
Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0
Network Service REG_MULTI_SZ Dns Cache\0\0
rpcss REG_MULTI_SZ Rpc Ss\0\0
imgsvc REG_MULTI_SZ Sti Svc\0\0
termsvcs REG_MULTI_SZ Term Service\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Quick
C:\WINDOWS\tasks\MP Scheduled
C:\WINDOWS\tasks\MP Scheduled Signature
C:\WINDOWS\tasks\Symantec Net Detect.job

********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ..
completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-13 C:\Combo ...

EXE
O4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup
O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLL
O18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1.

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.
*****************************
Launch HJThis, click 'Open the Misc Tools Section'.

EXE
C:\Program Files\Microsoft Windows One Care Live\Firewall\
C:\Program Files\Microsoft Windows One Care Live\
C:\Program Files\Softex\Omni Pass\
C:\WINDOWS\Explorer.
EXE
C:\windows\system\
C:\WINDOWS\System32\
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\
C:\Program Files\HP\HP Software Update\HPWu
C:\WINDOWS\System32\hphmon05
C:\HP\KBD\KBD.

07-04-13 Hijack logs
Logfile of Hijack This v1.99.1
Scan saved at AM, on 4/13/2007
Platform: Windows XP SP2 (Win NT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp
C:\WINDOWS\system32\
C:\Program Files\Softex\Omni Pass\
C:\WINDOWS\
C:\Documents and Settings\Owner\Desktop\Hijack

R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost
R3 - URLSearch Hook: Yahoo! EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXE
O4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"
O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\
O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga
O23 - Service: i Pod Service - Apple Computer, Inc.
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]][[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]Lm Hosts[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.

Launch HJThis, click 'Open the Misc Tools Section'.


07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]Remote Registry[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 


]]SSDPSRV[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]][[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 

]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]][[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\
O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903
O8 - Extra context menu item: &Yahoo!
Attention, following keys are not inevitably infected!!!
Ri Search Shared Task Scheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]
""="frisbee"
[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]
@="C:\WINDOWS\system32\ygjun.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]
@="C:\WINDOWS\system32\ygjun.dll"
Killing process hosts


EXE\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"Disable Task Mgr"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
""="frisbee"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
""="Microsoft Anti Malware Shell Execute Hook"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]
Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0
Network Service REG_MULTI_SZ Dns Cache\0\0
rpcss REG_MULTI_SZ Rpc Ss\0\0
imgsvc REG_MULTI_SZ Sti Svc\0\0
termsvcs REG_MULTI_SZ Term Service\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Quick
C:\WINDOWS\tasks\MP Scheduled
C:\WINDOWS\tasks\MP Scheduled Signature
C:\WINDOWS\tasks\Symantec Net Detect.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
hidden processes ...scanning hidden services ...scanning hidden autostart entries ...scanning hidden files ..completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-13
C:\Combo ...
EXE
O4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup
O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR.
DLL
O18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1.

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.
*****************************
Launch HJThis, click 'Open the Misc Tools Section'.
EXE
C:\Program Files\Microsoft Windows One Care Live\Firewall\
C:\Program Files\Microsoft Windows One Care Live\
C:\Program Files\Softex\Omni Pass\
C:\WINDOWS\Explorer.

EXE
C:\windows\system\
C:\WINDOWS\System32\
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\
C:\Program Files\HP\HP Software Update\HPWu
C:\WINDOWS\System32\hphmon05
C:\HP\KBD\KBD.

07-04-13 Hijack logs
Logfile of Hijack This v1.99.1
Scan saved at AM, on 4/13/2007
Platform: Windows XP SP2 (Win NT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp
C:\WINDOWS\system32\
C:\Program Files\Softex\Omni Pass\
C:\WINDOWS\
C:\Documents and Settings\Owner\Desktop\Hijack
R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost
R3 - URLSearch Hook: Yahoo!
EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.
EXE
O4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"
O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110.
DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\
O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga
O23 - Service: i Pod Service - Apple Computer, Inc.
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]rpcss REG_MULTI_SZ Rpc Ss[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 


]]imgsvc REG_MULTI_SZ Sti Svc[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]][[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]][[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]HTTPFilter REG_MULTI_SZ HTTPFilter[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 

]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]Dcom Launch REG_MULTI_SZ Dcom Launch[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]Term Service[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 



]]Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP7903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]msv1_0[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]wdigest[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.


||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]][[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.

Launch HJThis, click 'Open the Misc Tools Section'.

EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.



EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]]Lm Hosts[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 


]]SSDPSRV[[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.


EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.

*****************************

Launch HJThis, click 'Open the Misc Tools Section'.

EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down?

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

]][[

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1 If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL. 
EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD. 07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor. 
EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 
Surebar]127.0.0.1 ads.ezcybersearch.com127.0.0.1 everyone.net127.0.0.1 Search]127.0.0.1 ads.au127.0.0.1 au127.0.0.1 redirect.au127.0.0.1 campaigns.f2au127.0.0.1 Search][TROJ_STARTPAG. Bi Spy.o]127.0.0.1 mvtracker.com127.0.0.1 mvr3#[Nav Excel\n-CASE]127.0.0.1 #[Parasite. No Adware]127.0.0.1 ad.nobreak.com127.0.0.1 #[spam][server down? O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903O8 - Extra context menu item: &Yahoo! Attention, following keys are not inevitably infected!!! Ri Search Shared Task Scheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]""="frisbee"[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]@="C:\WINDOWS\system32\ygjun.dll" Killing process hosts127.0.0.1 downloads.aaa1#[Bargin Buddy]127.0.0.1 dl.aaascreensavers.com127.0.0.1 abcsearch.com127.0.0.1 admin.abcsearch.com127.0.0.1 www3.#[Browseraid]127.0.0.1 abc517#[Trojan. Nav Excel]127.0.0.1 us127.0.0.1 ads.mydailyhoroscope.net127.0.0.1 Horoscope]127.0.0.1 com127.0.0.1 myhitlogger.com127.0.0.1 #[Parasite. My Page Finder]127.0.0.1 hit.namimedia.com127.0.0.1 ads.nandomedia.com127.0.0.1 #[Adware. Needed Ware]127.0.0.1 www6.netbroadcaster.com127.0.0.1 code.au127.0.0.1 money2.netfirms.com127.0.0.1 partner.netmechanic.com127.0.0.1 tracker.netmechanic.com127.0.0.1 counter.netmore.net127.0.0.1 ads.netsol.com127.0.0.1 ads.uk127.0.0.1 adq.nextag.com127.0.0.1 #[TROJ_DELF.

||

EXE\"""Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide""One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\"" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"Disable Task Mgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]""="frisbee"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]""="Microsoft Anti Malware Shell Execute Hook"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0Network Service REG_MULTI_SZ Dns Cache\0\0rpcss REG_MULTI_SZ Rpc Ss\0\0imgsvc REG_MULTI_SZ Sti Svc\0\0termsvcs REG_MULTI_SZ Term Service\0\0HTTPFilter REG_MULTI_SZ HTTPFilter\0\0Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Quick C:\WINDOWS\tasks\MP Scheduled C:\WINDOWS\tasks\MP Scheduled Signature C:\WINDOWS\tasks\Symantec Net Detect.job********************************************************************catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 hidden processes ...scanning hidden services ...scanning 
hidden autostart entries ...scanning hidden files ..completed successfullyhidden processes: 0hidden services: 0hidden files: 0********************************************************************Completion time: 07-04-13 C:\Combo ... EXEO4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLLO18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1. Adtomi]127.0.0.1 downldcl.adtoolsinc.com127.0.0.1 survey.advantageresearch.com127.0.0.1 ad.tw127.0.0.1 ads.advertise.net127.0.0.1 #[Adware. Arm Bender]127.0.0.1 audiogalaxy.com127.0.0.1 Zone site]127.0.0.1 adserving.autotrader.com127.0.0.1 Moe Money]127.0.0.1 Page-DA]127.0.0.1 c.#[ah-ha.com]127.0.0.1 #[xzoomy.com]127.0.0.1 epeople.com127.0.0.1 errorpage404#[JS_TRAFFICHBAR. Tiny Bar]127.0.0.1 er.errorplace.com127.0.0.1 vipuk.#[123Messenger Hijacker]127.0.0.1 antivirus spyware]127.0.0.1 Page-EZ][server down? Meerhits.nl]127.0.0.1 pokpok.meerhits.nl127.0.0.1 exit.megago.com127.0.0.1 squatter]127.0.0.1 Zone site]127.0.0.1

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.*****************************Launch HJThis,click 'Open the Misc Tools Section'. EXEC:\Program Files\Microsoft Windows One Care Live\Firewall\C:\Program Files\Microsoft Windows One Care Live\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\Explorer. Download Plus]127.0.0.1 ad.tomshardware.com127.0.0.1 #[IEDLL.

EXEC:\windows\system\C:\WINDOWS\System32\C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\C:\Program Files\HP\HP Software Update\HPWu C:\WINDOWS\System32\hphmon05C:\HP\KBD\KBD.

07-04-13 Hijack logs Logfile of Hijack This v1.99.1Scan saved at AM, on 4/13/2007Platform: Windows XP SP2 (Win NT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp C:\WINDOWS\system32\C:\Program Files\Softex\Omni Pass\C:\WINDOWS\C:\Documents and Settings\Owner\Desktop\Hijack R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next = - HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost R3 - URLSearch Hook: Yahoo! EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXEO4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLLO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\Omni Pass\O20 - Winlogon Notify: Wga Logon - C:\WINDOWS\SYSTEM32\Wga O23 - Service: i Pod Service - Apple Computer, Inc. Advision]127.0.0.1 adviva.com127.0.0.1 ads.adviva.net127.0.0.1 adstats.adviva.net127.0.0.1 tracker.#[msvrl.dll]127.0.0.1 banners.affiliatefuel.com127.0.0.1 affiliatetarget.com127.0.0.1 fcds.affiliatetracking.net127.0.0.1 our.affiliatetracking.net127.0.0.1 partner.#[Troj/Subsear-A][Adware-SSF.dr]127.0.0.1 adserver.aim4media.com127.0.0.1 adtest.aim4media.com127.0.0.1 pops.aim4media.com127.0.0.1 crs.akamai.com127.0.0.1 soap.#[Spyware. Auto Startup]127.0.0.1 cploving.#[Trojan Clicker. 
]127.0.0.1 perso.estat.com127.0.0.1 prof.estat.com127.0.0.1 Zone site]127.0.0.1 eu-adcenter.net127.0.0.1 thinknyc.eu-adcenter.net127.0.0.1 ugo.#[evidence-eliminator.com]127.0.0.1 Bar][Installer X Class]127.0.0.1 engage.everyone.net127.0.0.1 static.everyone.net127.0.0.1 exitexchange.com127.0.0.1 count.exitexchange.com127.0.0.1 images.exitexchange.com127.0.0.1 Zone site]127.0.0.1 #[EZCyber Search. A]127.0.0.1 net #[Grolier Network]127.0.0.1 micorsoft.com127.0.0.1 hijacker]127.0.0.1 adserver.mindshare.de127.0.0.1 Mini-Player]127.0.0.1 banner.missingkids.com127.0.0.1 ads.monster.com127.0.0.1 adserver.monster.com127.0.0.1 adserver.monster.com127.0.0.1 ads.monstermoving.com127.0.0.1 cookie.monster.com127.0.0.1 mp3today.net127.0.0.1 mpamexit.com127.0.0.1 msgtag.com127.0.0.1 img.#[Restricted Zone site]127.0.0.1 multi1co.uk127.0.0.1 #[Multimpp Obj Class][Adv Ware. Now Box]127.0.0.1 mediatickets.nubela.net127.0.0.1 nz127.0.0.1 okcounter.com127.0.0.1 net #[Trojan. C]127.0.0.1 stat.onestat.com127.0.0.1 one.ru127.0.0.1 ru127.0.0.1 stats0ru127.0.0.1 stats1ru127.0.0.1 stats2ru127.0.0.1 server1.opentracker.net127.0.0.1 ccc00.opinionlab.com127.0.0.1 rate.opinionlab.com127.0.0.1 net127.0.0.1 Organizer Class]127.0.0.1 com127.0.0.1 com127.0.0.1 otx5.otxresearch.com127.0.0.1 otx.#[OTXMedia.dll]127.0.0.1 Class]127.0.0.1 adpopper.#[bargain-buddy.net]127.0.0.1 click.payserve.com127.0.0.1 ad1com127.0.0.1 ad3com127.0.0.1 com127.0.0.1 ad4com127.0.0.1 ads5com127.0.0.1 com127.0.0.1 net127.0.0.1 ads.#[addynamix.com]127.0.0.1 banners.pennyweb.com127.0.0.1 D]127.0.0.1 ads.photosight.ru127.0.0.1 phpadsnew.com127.0.0.1 #[Backdoor.

EXE"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [One Care UI] "C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe"O4 - HKCU\..\Run: [Backup Notify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\O4 - HKCU\..\Run: [NVIEW] rundll32nview.dll,n View Load Hook O4 - HKCU\..\Run: [Real Player] "C:\Program Files\Real\Real One Player\realplay.exe" /Run UPGTool Command Re Boot O4 - HKCU\..\Run: [update Mgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\Adobe Update Ac Rd B7_0_9O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\O4 - Startup: Auto O4 - Global Startup: Adobe Reader Speed = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_O4 - Global Startup: HP Digital Imaging = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08O4 - Global Startup: Motorola Wireless USB = ? - C:\Program Files\i Pod\bin\i Pod O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32O23 - Service: Softex Omni Pass Service (omniserv) - Unknown owner - C:\Program Files\Softex\Omni Pass\O23 - Service: Ventrilo - Unknown owner - C:\Program Files\Vent Srv\ventrilo_O23 - Service: Windows Network Log Manage - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\Smit Fraud Fix v2.166Scan done at .25, Fri 04/13/2007Run from C:\Documents and Settings\Owner\Desktop\Smitfraud Fix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Shared Task Scheduler Before Smit Fraud Fix!!! Alexa][Alexa Toolbar]127.0.0.1 #[Backdoor-CIE]127.0.0.1 ads.as4#[Ticketmaster]127.0.0.1 net127.0.0.1 net127.0.0.1 ads.amazingmedia.com127.0.0.1 bohema.#[Trojan. H]127.0.0.1 adserver04.#[Real Media]127.0.0.1 ads.antionline.com127.0.0.1 net127.0.0.1 banner.arttoday.com127.0.0.1 #[amazon.com]127.0.0.1 #[UCSearch][W32. 

O4 - Global Startup: Quicken Scheduled = C:\Program Files\Quicken\
O4 - Global Startup: Updates from = C:\Program Files\Updates from HP\137903\Program\Back Web-137903
O8 - Extra context menu item: &Yahoo!

Attention, following keys are not inevitably infected!!!
Ri Search Shared Task Scheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Shared Task Scheduler]
""="frisbee"
[HKEY_CLASSES_ROOT\CLSID\\In Proc Server32]
@="C:\WINDOWS\system32\ygjun.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\\In Proc Server32]
@="C:\WINDOWS\system32\ygjun.dll"

Killing process

hosts


EXE\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"One Care UI"="\"C:\\Program Files\\Microsoft Windows One Care Live\\winssnotify.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueued Reporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"Disable Task Mgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
""="frisbee"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
""="Microsoft Anti Malware Shell Execute Hook"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"Security Providers"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\One Care MP

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\Current Version\Svchost]
Local Service REG_MULTI_SZ Alerter\0Web Client\0Lm Hosts\0Remote Registry\0upnphost\0SSDPSRV\0\0
Network Service REG_MULTI_SZ Dns Cache\0\0
rpcss REG_MULTI_SZ Rpc Ss\0\0
imgsvc REG_MULTI_SZ Sti Svc\0\0
termsvcs REG_MULTI_SZ Term Service\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
Dcom Launch REG_MULTI_SZ Dcom Launch\0Term Service\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Quick
C:\WINDOWS\tasks\MP Scheduled
C:\WINDOWS\tasks\MP Scheduled Signature
C:\WINDOWS\tasks\Symantec Net Detect.job

********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ..
completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-13
C:\Combo ...

EXE
O4 - HKLM\..\Run: [Storage Guard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Tk Bell Exe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Auto TKit] C:\hp\bin\AUTOTKIT. EXE C:\WINDOWS\System32\Nv Cpl.dll, Nv Startup
O4 - HKLM\..\Run: [nwiz] /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
O4 - HKLM\..\Run: [Alcx Monitor] ALCXMNTR. DLL
O18 - Protocol: msnim - - C:\PROGRA~1\MSNMES~1\MSGRAP~1.

If so, click it, then click the next icon right below and select "Move incurable". Please copy/paste the content of that report into your next reply.

*****************************

Launch HJThis, click 'Open the Misc Tools Section'.

EXE
C:\Program Files\Microsoft Windows One Care Live\Firewall\
C:\Program Files\Microsoft Windows One Care Live\
C:\Program Files\Softex\Omni Pass\
C:\WINDOWS\Explorer.
EXE
C:\windows\system\
C:\WINDOWS\System32\
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\
C:\Program Files\HP\HP Software Update\HPWu
C:\WINDOWS\System32\hphmon05
C:\HP\KBD\KBD.

07-04-13 Hijack logs

Logfile of Hijack This v1.99.1
Scan saved at AM, on 4/13/2007
Platform: Windows XP SP2 (Win NT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\WINDOWS\system32\
C:\Program Files\Microsoft Windows One Care Live\Antivirus\Ms Mp
C:\WINDOWS\system32\
C:\Program Files\Softex\Omni Pass\
C:\WINDOWS\
C:\Documents and Settings\Owner\Desktop\Hijack

R1 - HKCU\Software\Microsoft\Internet Connection Wizard, Shell Next =
- HKCU\Software\Microsoft\Windows\Current Version\Internet Settings, Proxy Override = localhost
R3 - URLSearch Hook: Yahoo! EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD. EXE
O4 - HKLM\..\Run: [Igfx Tray] C:\WINDOWS\System32\
O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [i Tunes Helper] "C:\Program Files\i Tunes\i Tunes Helper.exe"
O4 - HKLM\..\Run: [Quick Finder Scheduler] "c:\Program Files\Word Perfect Office 11\Programs\QFSCHD110. DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\
O20 - Winlogon Notif