SmitFraudFix v2.260
Scan done at 12:01:35.46, 15/12/2007
Run from C:\
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{57C822F2-9B76-422D-999E-4E5A923BB629}: DhcpNameServer=192.168.58.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{57C822F2-9B76-422D-999E-4E5A923BB629}: DhcpNameServer=192.168.58.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{57C822F2-9B76-422D-999E-4E5A923BB629}: DhcpNameServer=192.168.58.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.58.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.58.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.58.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 4:49:54 PM 15/12/2007
+ Scan result:
C:\Documents and Settings\Adam\Desktop\smitfraudfix\Kill2Me.exe -> Adware.LookMe : Cleaned.
:mozilla.266:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.157:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.383:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.148:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.149:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.274:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.225:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.226:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.227:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.228:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.24:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.193:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.201:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.202:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.203:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.204:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.205:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.206:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.207:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.208:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.209:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.31:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.18:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.66:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.48:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.51:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.54:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.55:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.56:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.57:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.58:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.547:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.229:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.10:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.240:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.241:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.242:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.243:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.244:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.245:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.246:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.143:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.11:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.14:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.19:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.218:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.219:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.220:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.221:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.222:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.223:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.224:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.9:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\udzou5nb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.195:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.196:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.197:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.256:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.257:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.163:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.60:C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\p4ydfut5.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.126:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.127:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.128:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.129:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.130:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.131:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.132:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.133:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.134:C:\Documents and Settings\Rebecca Tottenham\Application Data\Mozilla\Firefox\Profiles\f2iwd9un.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:35 PM, on 15/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?7bc6660df57f4666b3780613e95b5c7b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?7bc6660df57f4666b3780613e95b5c7b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5714271734
O21 - SSODL: gormet - {EA591DAC-0995-4896-BCCD-17C712BC707F} - (no file)
O21 - SSODL: pmkret - {3E367F4C-F116-4003-B5ED-1285B2A96C7D} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 5642 bytes
Well, things are looking up. Everything went well until I deleted, instead of quarantined, those items found in AVG Anti-Spyware. And you had it all diagrammed so well - pictures and everything.
Thanks for the help so far...
Are there still more steps yet?
ADAM