View Full Version : please check my hijack log


anton muzic
08-13-2007, 07:23 AM
Hi all,
I have been getting spammed (about 200 p/d) and most have a MAILER DAEMON origin (have not an idea what this means?)
I asked an acquaintance for help (he's into computers and helping) and he produced a HijackThis log and it had several O17 entries which he checked and fixed but then I could not log onto the internet... (am using broadband with router firewall).
Anyway, he cannot figure it out...so we did a restore to a previous point and everything works (including the spamming!). I've kicked him out of the house.
Please have a look at my log....

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:17:24 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Webroot\Spy Sweeper\SSU.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\tony\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Picasa Media Detector] "E:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX6900F Series] "E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKP.EXE" /FU "E:\WINDOWS\TEMP\E_S5BB.tmp" /EF "HKCU"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF3E2FC-718A-47CD-8A45-44F9622AD577}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS3\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6630 bytes

Cheers
Anton (using NOD32 and Webroot SPY SWEEPER)

Budfred
08-13-2007, 08:39 AM
Your friend was on the right track, assuming you are not posting from Ukraine... However, a partial fix is not a good idea... Please do this:

You may want to print out these instructions for reference, since you will need to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the Desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

and then........

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

and then...

Reboot and post the logs with a fresh HJT log... Note that this is a serious infection and your data is probably compromised...
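
An added example (not part of the thread or of any tool mentioned in it): a small Python parser that pulls the O17 NameServer entries out of a HijackThis log and lists resolvers that are neither on the local network nor in a caller-supplied `expected` list, together with the control sets they were written to. The function names and the `expected` parameter are assumptions; the sample lines are copied from the log posted above.

```python
import ipaddress
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
"""

# Line shape: "O17 - <registry key>: <value name> = <data>"
O17_LINE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")
# CCS is the current control set; CS1, CS2, ... are the numbered copies.
CONTROL_SET = re.compile(r"\\System\\(CCS|CS\d+)\\", re.IGNORECASE)


def parse_o17(log_text):
    """Return (control_set, key, [ip, ...]) for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_LINE.match(line.strip())
        if not m or not m.group("name").lower().endswith("nameserver"):
            continue
        cs = CONTROL_SET.search(m.group("key"))
        ips = []
        # In the thread's log the addresses are comma-separated in the
        # per-interface keys and space-separated under Tcpip\Parameters.
        for token in re.split(r"[,\s]+", m.group("data").strip()):
            try:
                ips.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # empty token or stray text, not an address
        entries.append((cs.group(1).upper() if cs else "?", m.group("key"), ips))
    return entries


def unexpected_resolvers(log_text, expected=()):
    """Map each statically configured resolver that is neither a private
    (LAN/router) address nor listed in `expected` to the control sets
    in which it appears."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    found = {}
    for control_set, _key, ips in parse_o17(log_text):
        for ip in ips:
            if ip.is_private or ip in allowed:
                continue
            found.setdefault(str(ip), set()).add(control_set)
    return {ip: sorted(sets) for ip, sets in found.items()}


if __name__ == "__main__":
    for ip, sets in unexpected_resolvers(SAMPLE_LOG).items():
        print(f"{ip}: set in {', '.join(sets)}; confirm against the ISP or router settings")
```

Running the same function over each later log in a cleanup shows whether the entries are actually gone from every control set or only from some of them.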

anton muzic
08-13-2007, 04:58 PM
Hi Budfred,
Below are the results for ...
1. Text from Fixwareout (it did say to mention... and that I did have, an internet connection problem and had to add dnsbak.reg to my registry)

2. New HijackThis log

3. Could not run ComboFix ... it just would not accept me initiating it by pressing the number "1".



Username "tony" - 2007-08-14 5:25:28 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdvxp.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.78 85.255.112.101" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{417025B8-4EE2-42AE-A811-DD723AC05AA8}
"nameserver"="85.255.114.78,85.255.112.101" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BCF3E2FC-718A-47CD-8A45-44F9622AD577}
"nameserver"="85.255.114.78,85.255.112.101" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BCF3E2FC-718A-47CD-8A45-44F9622AD577}
"DhcpNameServer"="85.255.114.78,85.255.112.101" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C8BD953B-F190-470A-9DCA-A95A5A1599B2}
"DhcpNameServer"="85.255.114.78,85.255.112.101" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="\"E:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"SoundMan"="SOUNDMAN.EXE"
"GrooveMonitor"="\"E:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"SunJavaUpdateSched"="\"E:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"FinePrint Dispatcher v5"="\"E:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe\" /source=HKLM"
"DRam prosessor"="plscd.exe"
"nod32kui"="\"E:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Picasa Media Detector"="\"E:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""
"iTunesHelper"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Photo Downloader"="\"E:\\Program Files\\Adobe\\Photoshop Elements 5.0\\apdproxy.exe\""
"QuickTime Task"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="E:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"
"EPSON Stylus CX6900F Series"="\"E:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBKP.EXE\" /FU \"E:\\WINDOWS\\TEMP\\E_S5BB.tmp\" /EF \"HKCU\""
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 05:51, on 2007-08-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Webroot\Spy Sweeper\SSU.EXE
E:\Mozilla Firefox\firefox.exe
E:\Documents and Settings\tony\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Picasa Media Detector] "E:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX6900F Series] "E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKP.EXE" /FU "E:\WINDOWS\TEMP\E_S5BB.tmp" /EF "HKCU"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF3E2FC-718A-47CD-8A45-44F9622AD577}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6318 bytes

cheers
Anton

anton muzic
08-13-2007, 05:20 PM
Hi Budfred,
I ran combofix in safe mode and it worked, here's the log...


ComboFix 07-08-09.3 - "Administrator" 2007-08-14 6:08:42.1 - NTFSx86 MINIMAL
CScript Error: Can't find script engine "VBScript" for script "E:\ComboFix\osid.vbs".
CScript Error: Can't find script engine "VBScript" for script "E:\ComboFix\restore_pt.vbs".


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


E:\WINDOWS\system32\_003576_.tmp.dll
E:\WINDOWS\system32\_003729_.tmp.dll
E:\WINDOWS\system32\_003730_.tmp.dll
E:\WINDOWS\system32\_003731_.tmp.dll
E:\WINDOWS\system32\_003732_.tmp.dll


((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


2007-08-14 06:06 524,288 --ah----- E:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-14 05:40 51,200 --a------ E:\WINDOWS\nircmd.exe
2007-08-14 05:25 6,804 --a------ E:\dnsbak.reg
2007-08-11 21:11 3,985,408 --a------ E:\DOCUME~1\tony\ntuser.dat
2007-08-09 16:29 <DIR> d-------- E:\Program Files\AviSynth 2.5
2007-08-09 16:28 <DIR> d-------- E:\Program Files\Avi2Dvd
2007-08-09 09:05 5,504 --------- E:\WINDOWS\system32\drivers\imagedrv.sys
2007-08-09 09:05 476,320 --------- E:\WINDOWS\system32\ImagXpr7.dll
2007-08-09 09:05 471,040 --------- E:\WINDOWS\system32\ImagXRA7.dll
2007-08-09 09:05 262,144 --------- E:\WINDOWS\system32\ImagXR7.dll
2007-08-09 09:05 155,648 --a------ E:\WINDOWS\system32\NeroCheck.exe
2007-08-09 09:05 125,184 --------- E:\WINDOWS\system32\drivers\imagesrv.sys
2007-08-09 09:05 106,496 --a------ E:\WINDOWS\system32\TwnLib20.dll
2007-08-09 09:05 1,568,768 --------- E:\WINDOWS\system32\ImagX7.dll
2007-08-09 09:05 <DIR> d-------- E:\Program Files\Common Files\Ahead
2007-08-09 09:05 <DIR> d-------- E:\Program Files\Ahead
2007-08-03 09:10 <DIR> d-------- E:\Program Files\dvdSanta
2007-07-27 11:10 <DIR> d-------- E:\Program Files\7-Zip
2007-07-23 18:05 <DIR> d-------- E:\Program Files\QuickTime
2007-07-20 20:43 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
2007-07-20 20:41 <DIR> d-------- E:\DOCUME~1\tony\APPLIC~1\Opera
2007-07-20 18:51 109,568 --------- E:\WINDOWS\system32\pxinsi64.exe
2007-07-20 18:51 108,544 --------- E:\WINDOWS\system32\pxcpyi64.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 15:40 664 --a------ E:\WINDOWS\system32\d3d9caps.dat
2007-08-03 11:30 --------- d-------- E:\Program Files\DVD Shrink
2007-07-13 23:29 --------- d-------- E:\Program Files\Smart Projects
2007-07-10 20:36 --------- d-------- E:\Program Files\Microsoft SQL Server
2007-07-10 20:35 --------- d-------- E:\Program Files\VstPlugins
2007-07-10 20:34 --------- d-------- E:\Program Files\Sony
2007-07-10 20:19 --------- d-------- E:\Program Files\Sony Setup
2007-07-04 21:04 --------- d-------- E:\Program Files\DVD Flick
2007-07-04 19:11 --------- d-------- E:\Program Files\Cucusoft
2007-06-25 20:41 359808 --a--c--- E:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-06-25 20:41 359808 --a------ E:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-06-25 20:41 359808 --a------ E:\WINDOWS\system32\drivers\TCPIP.SYS
2007-06-25 00:05 --------- d-------- E:\Program Files\iTunes
2007-06-25 00:05 --------- d-------- E:\Program Files\iPod
2007-06-25 00:04 --------- d-------- E:\Program Files\Apple Software Update
2007-06-21 08:26 --------- d--h----- E:\Program Files\InstallShield Installation Information
2007-06-21 08:25 --------- d-------- E:\Program Files\Common Files\InstallShield
2007-06-21 08:24 --------- d-------- E:\Program Files\epson
2007-06-19 16:05 --------- d-------- E:\Program Files\VLC
2007-05-17 08:30 318976 --a------ E:\WINDOWS\system32\avisynth.dll
2007-05-16 08:12 86528 -----c--- E:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 -----c--- E:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ E:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 -----c--- E:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 -----c--- E:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 -----c--- E:\WINDOWS\system32\dllcache\msoe.dll
2006-11-30 08:46 70064 --a------ E:\Program Files\filter.log.idx
2006-11-30 08:46 2713005 --a------ E:\Program Files\filter.log
2006-11-19 20:57 837616 --a------ E:\Program Files\Belarcadvisor.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-11-01 18:17]
"SoundMan"="SOUNDMAN.EXE" [2005-10-23 23:45 E:\WINDOWS\soundman.exe]
"GrooveMonitor"="E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"FinePrint Dispatcher v5"="E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-12-08 23:10]
"DRam prosessor"="plscd.exe" []
"nod32kui"="E:\Program Files\Eset\nod32kui.exe" [2007-03-14 14:13]
"Picasa Media Detector"="E:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-12-11 17:36]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 07:29]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"EPSON Stylus CX6900F Series"="E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKP.exe" [2006-05-21 21:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DRam prosessor"=plscd.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=E:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
"E:\Program Files\Eraser\eraser.exe" -hide


Contents of the 'Scheduled Tasks' folder
2007-08-11 00:31:00 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 06:10:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-14 6:12:07 - machine was rebooted
E:\ComboFix-quarantined-files.txt ... 2007-08-14 06:12

--- E O F ---

thanks for your patience
Anton

Budfred
08-13-2007, 09:13 PM
Please post a fresh HJT log from after running ComboFix... However, run this first to see if it picks up some more... Start with ATF so that the log is reduced...

http://www.atribune.org/ccount/click.php?id=1

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

and then..............

Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)

* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.

Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot.

Post the AVG AS and HJT logs in your next posts...

anton muzic
08-13-2007, 11:11 PM
Hi Budfred,
While I was waiting, I ran online BitDefender and it stalled; however, it did find at least 5 trojans (of the type trojan.peed.a (and .b) and generic.trojan.phish). It did try to disinfect them but I'm not sure if it did. It found them in my Thunderbird profiles. Would these be involved in the spamming action?

Anyway, I'll run AVG now.

cheers
Anton

anton muzic
08-14-2007, 12:30 AM
Hi Budfred,

here is my hijack log..
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:10:00 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
E:\Program Files\Webroot\Spy Sweeper\SSU.EXE
E:\Mozilla Firefox\firefox.exe
E:\Documents and Settings\tony\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Picasa Media Detector] "E:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX6900F Series] "E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKP.EXE" /FU "E:\WINDOWS\TEMP\E_S5BB.tmp" /EF "HKCU"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF3E2FC-718A-47CD-8A45-44F9622AD577}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS3\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7508 bytes

and the AVG report (found 1 adware and the rest cookies)....is hosted online here...
http://www.sharebigfile.com/file/204140/avg-report-scan-txt.html

cheers
Anton

Budfred
08-14-2007, 12:49 AM
Did you run the HJT log before or after the AVG AS log?? I don't go to other sites or download things to look at logs, so please just remove the cookie entries and post the remainder here...

Open a HJT scan and put checks by:

O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF3E2FC-718A-47CD-8A45-44F9622AD577}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CS3\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101

Close all open windows except HJT and press Fix checked...

Find and delete this file:

plscd.exe

You will need to use Windows Search and use the advanced options to dig into hidden/system files... Delete all instances that you find...

It looks like you have at least one and possibly 2 or 3 resident anti-spyware protection programs... Please turn them all off for now and run only one at a time when we are done since they will conflict and weaken each other...

And yes, these infections are used to SPAM and attack other computers with DDoS, so they will use your email programs and they essentially own you... When this is cleaned up, you will need to contact any business that you have account numbers with to change them and alert them to possible abuse... You will also need to change all of your passwords... Do not do that yet since they will just get the new info until you are clean...

Please reboot and post the AVG AS log and a fresh HJT log...
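
The checks Budfred makes by eye on the O4 and O17 lines can be scripted. The following is an added example, not part of the post above and not code from HijackThis: it parses HijackThis log lines, reports every NameServer address that is not an expected resolver together with the control set it sits in, and lists Run-key entries registered without a path. The expected resolver 192.168.1.1 (the router) and all function names are assumptions made for the example.

```python
import ipaddress
import re

# Sample input: lines copied from the logs in this thread, plus one constructed
# clean O17 line (the all-zero GUID entry is not in the original log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{417025B8-4EE2-42AE-A811-DD723AC05AA8}: NameServer = 85.255.114.78,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.78 85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# "O17 - <registry key>: NameServer = <addresses separated by comma or space>"
O17_RE = re.compile(r"^O17 - (.+?): NameServer = (.+)$")
# CCS is the current control set; CS1..CSn are the stored copies.
CONTROL_SET_RE = re.compile(r"\\System\\(\w+)\\Services\\", re.IGNORECASE)


def unexpected_nameservers(log, expected=("192.168.1.1",)):
    """Return one finding per O17 NameServer address not in `expected`.

    `expected` is an assumption: the resolvers this machine should be using.
    """
    findings = []
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        key, data = m.groups()
        cs = CONTROL_SET_RE.search(key)
        control_set = cs.group(1) if cs else "?"
        for token in re.split(r"[,\s]+", data.strip()):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                # Not an IP address at all: report it rather than drop it.
                findings.append({"control_set": control_set, "key": key,
                                 "ip": token, "public": None})
                continue
            if str(addr) in expected:
                continue
            findings.append({"control_set": control_set, "key": key,
                             "ip": str(addr), "public": addr.is_global})
    return findings


def unpathed_autoruns(log):
    """Return O4 registry autoruns whose executable is given without a directory."""
    hits = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        # Quoted commands: the executable is the text between the first quotes.
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        if "\\" not in exe and "/" not in exe:
            hits.append({"location": f"{hive}\\{key}", "name": name, "exe": exe})
    return hits


if __name__ == "__main__":
    for f in unexpected_nameservers(SAMPLE_LOG):
        print(f"DNS  {f['control_set']:<4} {f['ip']:<16} public={f['public']}")
    for h in unpathed_autoruns(SAMPLE_LOG):
        print(f"RUN  {h['location']:<17} [{h['name']}] {h['exe']}")
```

SoundMan is reported alongside plscd.exe: a missing path is a reason to look at an entry, not a verdict. The DNS findings are grouped by control set because the same NameServer value appears under CCS and each stored CS copy.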

anton muzic
08-14-2007, 03:05 AM
Hi Budfred,
Below are logs for HJT and AVG after a reboot. A search could not find any file with plscd.
Also, as happened before (when I fixed the 017 entries) my pc could not connect to the internet, so I added dnsbak.reg to the registry and was able to connect.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:49:32 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Webroot\Spy Sweeper\SSU.EXE
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Documents and Settings\tony\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Picasa Media Detector] "E:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX6900F Series] "E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKP.EXE" /FU "E:\WINDOWS\TEMP\E_S5BB.tmp" /EF "HKCU"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 6681 bytes



AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:04:13 PM 8/14/2007

+ Scan result:



HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&3735C57B&0&LDM#{8DC1E904-EC67-4C9F-9003-0241F817DE95}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\DeviceInstance -> Adware.NetworkEssentials : Cleaned with backup (quarantined).

::Report end

thanks for your assist
Anton

anton muzic
08-14-2007, 03:07 AM
continue...


anton muzic
08-14-2007, 03:08 AM

anton muzic
08-14-2007, 03:09 AM
:mozilla.144:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.145:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.146:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.138:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.166:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.173:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.714:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.363:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.364:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.365:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.366:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.367:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.368:E:\Documents and Settings\tony\Application Data\Mozilla\Firefox\Profiles\r54fqmfk.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.

anton muzic
08-14-2007, 03:09 AM


::Report end

Budfred
08-14-2007, 08:49 AM
Apparently you missed this comment: "I don't go to other sites or download things to look at logs, so please just remove the cookie entries and post the remainder here..."

You also seem to still have multiple anti-spyware programs running in resident mode and that will make each of them less effective... Given the hassle this infection is likely to cause you, I would think you would want to be more secure this time...

Your HJT log is looking clean... Are you still having any problems?? If you are, please download a fresh copy of ComboFix (it is updated daily), run it and post the log here...

anton muzic
08-14-2007, 04:17 PM
Thanks Budfred,
Things seemed to settle down so far...I'll wait 24 hrs. However, I'm curious
about your assumption that I'm running more than one anti-spyware program.
All I have is Webroot Spy Sweeper.

cheers
Anton

Budfred
08-14-2007, 09:15 PM
Because of these:

O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Also, you are one update behind on Java...

And please remember what I said about your financial security... You really need to protect yourself or you may be involved in legal wrangling for a long time to come, not to mention trying to recover your funds...
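
As an added example (not part of the original thread and not HijackThis's own logic), the check made in the post above can be scripted: group the log's O4 autostart and O23 service entries by install directory and report when more than one anti-spyware product loads at boot. The keyword list and the fifth sample line are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Entries 1-4 are the lines quoted in the post above; entry 5 is a constructed
# control line for a program that is not a security product.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
'''

# Assumption: name fragments that mark an entry as anti-spyware in this example.
KEYWORDS = ("spy sweeper", "anti-spyware")

# O4 = registry/startup-folder autostart, O23 = Windows service.
# The first drive-letter path ending in .exe is taken as the executable.
ENTRY = re.compile(r'^(O4|O23) - .*?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def resident_products(log_text, keywords=KEYWORDS):
    """Map install directory -> set of sections (O4, O23) that start a
    matching product at boot. Directories are lower-cased because Windows
    paths are case-insensitive."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        section, exe = match.group(1).upper(), match.group(2)
        if any(k in line.lower() for k in keywords):
            found[ntpath.dirname(exe).lower()].add(section)
    return dict(found)


def overlapping(log_text):
    """Return the install directories when more than one product is resident,
    otherwise an empty list."""
    products = resident_products(log_text)
    return sorted(products) if len(products) > 1 else []


if __name__ == "__main__":
    for directory, sections in sorted(resident_products(SAMPLE_LOG).items()):
        print(directory, sorted(sections))
    print("overlap:", overlapping(SAMPLE_LOG))
```
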

anton muzic
08-15-2007, 03:38 AM
Hi Budfred,
oooops,
I forgot to uninstall AVG!....thanks for that heads up.
I thought I was protecting myself adequately, but obviously this is a lesson in
there is no such "guarantee".

thanks for your help
Anton