Full Version: pmmon & pmsngr trojan woes
kiro
Hi. This is becoming one of the more common trojan infections on this site, eh?

In any case, I need help with my computer. I was surfing a bit before I fell for the "Download the latest version of codec now!" trick. I did and got hit. While surfing for how to rid myself of it, I went to check this forum (a friend handed me the address) and saw something that helped. However, a little of the trojan remains and I have yet to remove it completely. Anyone able to help?

I have followed this on how to remove it. Thankfully it has gotten rid of the software that opens pornography whenever I go online. Now I am stuck with this irritating thing that keeps "warning" me that my computer is infected and prompts me to download adware.

Any help will be greatly appreciated.


Thanks.

PostScript: Darn. We all know where we got this crappy malware from. We should just learn from this. =/

Here are my scan logs by the way:

HijackThis-
Logfile of HijackThis v1.99.1
Scan saved at 7:09:30 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VideoCompressionCodec\pmsngr.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VideoCompressionCodec\pmmon.exe
C:\Documents and Settings\Justinian\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O1 - Hosts: 58.215.74.131 sky001.e11.163ns.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\VideoCompressionCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [DrawDashSoftwareSize] C:\Documents and Settings\All Users\Application Data\RectDefaultDrawDash\Eachrdr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Bat Else] C:\DOCUME~1\JUSTIN~1\APPLIC~1\MODEGR~1\axis stupid.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓÆµ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.hotmail.com
O15 - Trusted Zone: http://*.ohanatown.org
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat.../muweb_site.cab?1155099456328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: kb7218152.log c:\program files\agnitum\outpost firewall 1.0\wl_hook.dll c:\progra~1\agnitum\outpos~1.0\wl_hook.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: IvYHxWwbPwrNDH - {D0957B5C-7A3F-D1F6-C97D-E978B1E0C080} - C:\WINDOWS\System32\gqovjk.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\
kiro
and here

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:29:09 PM 10/23/2006

+ Scan result:



HKLM\SOFTWARE\Classes\Interface\{0065CDBC-2439-4365-A7E7-BF5B853BF49D} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{19DACF08-A207-4271-AA22-C138F512E787} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{3E37C978-9E24-42FA-B021-B56CAAFDB694} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{4130008C-5697-4EF5-9EDE-EF8F9F10D524} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{4F4A0564-17DE-4EB2-B29E-6D2E167A3BE0} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{6B067ED9-4AEC-474E-B67E-85EF417D68BA} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{9188A88D-3D41-4EB6-A7D8-0F6A5266F685} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{B660CDE9-526E-41FE-AB41-773D78BEE31E} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{BF8A0E53-F417-413A-B849-B5C0086EEF8A} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{C36464A1-2D2F-4804-AAF6-F5BD62536ADB} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{CA74BAFC-1F0C-49B1-8A76-5D55085E71FB} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{D0722752-35B5-44E1-A14A-E2A44C41F509} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{EE2EAC90-8B01-49D4-B46C-8E02BDA1F3B4} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{F7F932D6-A6BE-4273-9950-ECBD72170DBF} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{FD34EB96-89FA-43CC-9C37-D1D5B099D28F} -> Adware.VirusBurster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108} -> Adware.VirusBurster : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\NProtect.dll -> Dropper.Agent.apw : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.232:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.74:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.75:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.256:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.76:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.229:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.230:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.52:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.245:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.246:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.105:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.288:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.251:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.173:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.179:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.77:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.78:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.79:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.80:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.186:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.187:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.189:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.190:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.106:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.107:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.108:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.20:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.209:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.224:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.225:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.233:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.234:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.235:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.73:C:\Documents and Settings\Justinian\Application Data\Mozilla\Firefox\Profiles\691w2nc0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Justinian\Cookies\justinian@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
kiro
This log is from the scan I made after I did what the post asked me to do.

Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, October 23, 2006 7:27:41 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R126 12.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R126 12.10.2006
Internal build : 156
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 782898 Bytes
Total size : 2527469 Bytes
Signature data size : 2478468 Bytes
Reference data size : 48489 Bytes
Signatures total : 68024
CSI Fingerprints total : 3957
CSI data size : 164285 Bytes
Target categories : 15
Target families : 988


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:29 %
Total physical memory:252336 kb
Available physical memory:72840 kb
Total page file size:620016 kb
Available on page file:203800 kb
Total virtual memory:2097024 kb
Available virtual memory:2036420 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-23-2006 7:27:41 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Justinian\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-365607259-75722385-3621012135-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-365607259-75722385-3621012135-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-365607259-75722385-3621012135-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-365607259-75722385-3621012135-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-365607259-75722385-3621012135-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-365607259-75722385-3621012135-1006\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 712
ThreadCreationTime : 10-23-2006 10:31:38 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 10-23-2006 10:31:40 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 796
ThreadCreationTime : 10-23-2006 10:31:41 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 840
ThreadCreationTime : 10-23-2006 10:31:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 10-23-2006 10:31:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1016
ThreadCreationTime : 10-23-2006 10:31:46 AM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 10-23-2006 10:31:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1144
ThreadCreationTime : 10-23-2006 10:31:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 1188
ThreadCreationTime : 10-23-2006 10:31:48 AM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1240
ThreadCreationTime : 10-23-2006 10:31:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [s24evmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1300
ThreadCreationTime : 10-23-2006 10:31:48 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 164
ProductVersion : 8, 0, 0, 164
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1368
ThreadCreationTime : 10-23-2006 10:31:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1464
ThreadCreationTime : 10-23-2006 10:31:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1748
ThreadCreationTime : 10-23-2006 10:31:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [rrpcsb.exe]
FilePath : C:\Program Files\IBM\IBM Rapid Restore Ultra\
ProcessID : 1888
ThreadCreationTime : 10-23-2006 10:31:55 AM
BasePriority : Normal
FileVersion : 4,0,0,4026
ProductVersion : 4,0,0,4026
ProductName : rrpcsb Module
FileDescription : rrpcsb Module
InternalName : rrpcsb
LegalCopyright : Copyright 2002
OriginalFilename : rrpcsb.EXE

#:16 [hpzipm12.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1920
ThreadCreationTime : 10-23-2006 10:31:56 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:17 [qconsvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1988
ThreadCreationTime : 10-23-2006 10:31:56 AM
BasePriority : Normal
FileVersion : 3, 1, 0, 0
ProductVersion : 3, 1, 0, 0
ProductName : IBM ThinkPad Utility
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Service Component.
InternalName : QConSvc
LegalCopyright : Copyright © IBM Corp. 2001, 2004
OriginalFilename : QConSvc.Exe
Comments : IBM Access Connections Component.

#:18 [regsrvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 252
ThreadCreationTime : 10-23-2006 10:31:57 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 164
ProductVersion : 8, 0, 0, 164
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2003 Intel Corporation
OriginalFilename : RegSrvc.EXE

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 412
ThreadCreationTime : 10-23-2006 10:31:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [tpkmpsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 456
ThreadCreationTime : 10-23-2006 10:31:57 AM
BasePriority : Normal


#:21 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 10-23-2006 10:31:57 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 604
ThreadCreationTime : 10-23-2006 10:32:12 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 10-23-2006 10:32:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:24 [pmsngr.exe]
FilePath : C:\Program Files\VideoCompressionCodec\
ProcessID : 240
ThreadCreationTime : 10-23-2006 10:32:15 AM
BasePriority : Normal


#:25 [tp4serv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 844
ThreadCreationTime : 10-23-2006 10:32:16 AM
BasePriority : Normal
FileVersion : 3.12
ProductVersion : 3.12
ProductName : IBM PS/2 TrackPoint Support
CompanyName : IBM Corporation
FileDescription : IBM PS/2 TrackPoint Daemon
InternalName : daemon.exe
LegalCopyright : Copyright © IBM Corporation 1997-2003
OriginalFilename : daemon.exe

#:26 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1864
ThreadCreationTime : 10-23-2006 10:32:16 AM
BasePriority : Normal
FileVersion : 3.0.0.2350
ProductVersion : 7.0.0.2350
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:27 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1592
ThreadCreationTime : 10-23-2006 10:32:16 AM
BasePriority : Normal
FileVersion : 3.0.0.2350
ProductVersion : 7.0.0.2350
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:28 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2064
ThreadCreationTime : 10-23-2006 10:32:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:29 [ezejmnap.exe]
FilePath : C:\PROGRA~1\ThinkPad\UTILIT~1\
ProcessID : 2252
ThreadCreationTime : 10-23-2006 10:32:19 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : IBM ThinkPad EasyEject Support Application
CompanyName : IBM Corp.
FileDescription : IBM ThinkPad EasyEject Support Application
InternalName : IBM ThinkPad EasyEject Support Application
LegalCopyright : Copyright © IBM Corp. 2002,2004.
OriginalFilename : EzEjMnAp.EXE

#:30 [ibmmessages.exe]
FilePath : C:\Program Files\IBM\Messages By IBM\
ProcessID : 2280
ThreadCreationTime : 10-23-2006 10:32:19 AM
BasePriority : Normal


#:31 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 2324
ThreadCreationTime : 10-23-2006 10:32:20 AM
BasePriority : Normal
FileVersion : 1.04.07a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:32 [ibmprc.exe]
FilePath : C:\IBMTOOLS\UTILS\
ProcessID : 2332
ThreadCreationTime : 10-23-2006 10:32:20 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : ibmprc Application
CompanyName : IBM Corp.
FileDescription : ibmprc Application
InternalName : ibmprc
LegalCopyright : Copyright © 2004 IBM
OriginalFilename : ibmprc.exe

#:33 [qctray.exe]
FilePath : C:\Program Files\ThinkPad\ConnectUtilities\
ProcessID : 2396
ThreadCreationTime : 10-23-2006 10:32:20 AM
BasePriority : Normal
FileVersion : 3, 1, 0, 0
ProductVersion : 3, 1, 0, 0
ProductName : IBM ThinkPad Utility
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Taskbar Application.
InternalName : QCTray
LegalCopyright : Copyright © IBM Corp. 2001, 2004
OriginalFilename : QCTray.exe
Comments : IBM Access Connections Component.

#:34 [qcwlicon.exe]
FilePath : C:\Program Files\ThinkPad\ConnectUtilities\
ProcessID : 2460
ThreadCreationTime : 10-23-2006 10:32:21 AM
BasePriority : Normal
FileVersion : 3, 1, 0, 0
ProductVersion : 3, 1, 0, 0
ProductName : IBM ThinkPad Utility
CompanyName : IBM Corp.
FileDescription : IBM Access Connections - Wireless Status Icon.
InternalName : QCWLIcon
LegalCopyright : Copyright © IBM Corp. 2001, 2004
OriginalFilename : QCWLIcon.exe
Comments : IBM Access Connections Component.

#:35 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2692
ThreadCreationTime : 10-23-2006 10:32:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:36 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2708
ThreadCreationTime : 10-23-2006 10:32:22 AM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe

#:37 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Distillr\
ProcessID : 3012
ThreadCreationTime : 10-23-2006 10:32:23 AM
BasePriority : Normal
FileVersion : 6.0.1.2004121400
ProductVersion : 6.0.1.2004121400
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:38 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 3144
ThreadCreationTime : 10-23-2006 10:32:23 AM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:39 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 3164
ThreadCreationTime : 10-23-2006 10:32:24 AM
BasePriority : Normal


#:40 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3172
ThreadCreationTime : 10-23-2006 10:32:24 AM
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:41 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 3212
ThreadCreationTime : 10-23-2006 10:32:26 AM
BasePriority : Normal


#:42 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3432
ThreadCreationTime : 10-23-2006 10:32:29 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:43 [iexplore.exe]
FilePath : c:\progra~1\intern~1\
ProcessID : 3520
ThreadCreationTime : 10-23-2006 10:32:31 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:44 [spuvolumewatcher.exe]
FilePath : C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\
ProcessID : 4060
ThreadCreationTime : 10-23-2006 10:32:37 AM
BasePriority : Normal


#:45 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3636
ThreadCreationTime : 10-23-2006 10:35:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:46 [pmmon.exe]
FilePath : C:\Program Files\VideoCompressionCodec\
ProcessID : 820
ThreadCreationTime : 10-23-2006 11:05:50 AM
BasePriority : Normal


#:47 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2436
ThreadCreationTime : 10-23-2006 11:11:05 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:48 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3316
ThreadCreationTime : 10-23-2006 11:24:26 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justinian@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:justinian@tribalfusion.com/
Expires : 1-1-2038 8:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : justinian@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:justinian@revenue.net/
Expires : 6-10-2022 1:05:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 12



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

7:44:19 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:37.714
Objects scanned:143223
Objects identified:2
Objects ignored:0
New critical objects:2
LS CalamityJane
Hi Kiro,

This is a pretty new version of the Zlob/Smitfraud codec infection. Ad-Aware should have detection for this variant soon, but in the meantime, please use this free tool; it should get it.

FYI - You have the desktop Hijacker from that codec as described Here in our September Newsletter.

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

How to extract (decompress) zipped or compressed files
http://www.lvsonline.com/compresstut/index.shtml

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


2. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.

4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

Logs needed in your next post are:

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

Fresh HijackThis log

Warning : running option #2 on a non infected computer will remove your Desktop background.
kiro
Yo. Thanks a bunch calamity. It's done and out. Here's the fresh hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 9:21:40 AM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\IBM\Updater\jre\bin\javaw.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Justinian\Desktop\Malware Remover AsD.exe

O1 - Hosts: 58.215.74.131 sky001.e11.163ns.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Bat Else] C:\DOCUME~1\JUSTIN~1\APPLIC~1\MODEGR~1\axis stupid.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓÆµ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://*.hotmail.com
O15 - Trusted Zone: http://*.ohanatown.org
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155099456328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: kb7218152.log c:\program files\agnitum\outpost firewall 1.0\wl_hook.dll c:\progra~1\agnitum\outpos~1.0\wl_hook.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: IvYHxWwbPwrNDH - {D0957B5C-7A3F-D1F6-C97D-E978B1E0C080} - C:\WINDOWS\System32\gqovjk.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
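The comparison a helper makes between the infected-state log and the fresh HijackThis log, as an added example that is not part of the original posts: it checks that the processes named in this thread (pmsngr.exe, pmmon.exe) are no longer running and lists leftover entries marked "(file missing)" and O1 hosts mappings for review. The function names are this example's own, and the two log excerpts are cut down from lines in the thread.

```python
import re
from ntpath import basename  # Windows path rules, whatever OS this runs on

# Constructed "before" excerpt: the two codec process paths come from the
# Ad-Aware process listing in the first post; the rest of that log is omitted.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\VideoCompressionCodec\pmsngr.exe
C:\Program Files\VideoCompressionCodec\pmmon.exe
"""

# Excerpt of the fresh log posted after running SmitfraudFix (lines copied
# from the thread, most entries omitted).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

O1 - Hosts: 58.215.74.131 sky001.e11.163ns.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O21 - SSODL: IvYHxWwbPwrNDH - {D0957B5C-7A3F-D1F6-C97D-E978B1E0C080} - C:\WINDOWS\System32\gqovjk.dll (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# Section lines look like "O4 - HKLM\..\Run: [name] path" or "R0 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and section entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends where the entries begin
            kind, _, detail = m.group(2).partition(": ")
            entries.append({"code": m.group(1), "kind": kind, "detail": detail})
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def review(before, after, watch_names):
    """Compare a pre-cleanup and a post-cleanup log for the watched processes."""
    watch = {n.lower() for n in watch_names}

    def running(log):
        return {basename(p).lower() for p in log["processes"]}

    return {
        # watched processes present before and gone afterwards
        "stopped": sorted(watch & (running(before) - running(after))),
        # watched processes that survived the cleanup
        "still_running": sorted(watch & running(after)),
        # entries whose target file no longer exists: leftovers to review
        "orphans": [e for e in after["entries"]
                    if e["detail"].endswith("(file missing)")],
        # hosts-file mappings reported in section O1
        "hosts": [e["detail"] for e in after["entries"] if e["code"] == "O1"],
    }


if __name__ == "__main__":
    result = review(parse_hjt(BEFORE_LOG), parse_hjt(AFTER_LOG),
                    ["pmsngr.exe", "pmmon.exe"])
    print("stopped:      ", result["stopped"])
    print("still running:", result["still_running"])
    for e in result["orphans"]:
        print("orphan:", e["code"], e["kind"], "-", e["detail"])
    for h in result["hosts"]:
        print("hosts entry:", h)
```

The script only sorts entries into groups for a human to look at; whether an orphaned entry or a hosts mapping should be removed is still the helper's call.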
LS CalamityJane
I need to see the report from SmitFraudFix:

Logs needed in your next post are:

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed