#1 - February 16th, 2006, 07:56 AM - makapacs (Member, joined Jul 2004, 54 posts)
Hijack log, please help.

Since yesterday, I notice that any of my browsers (Firefox and IE) hangs whenever I load a page. To fully load it I have to click the refresh button a couple of times. Spybot Search and Destroy also finds 7X problems. Here is my log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:45:36 AM, on 2/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\services.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\winsysban8.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\Spybot - Search & Destroy\SpybotSD.exe
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINDOWS\System32\nsa20.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/...s/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B01BE24B-2138-43E3-8284-DA7F2F622148}: NameServer = 205.171.3.65,205.171.2.65
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICSer_WPC54 - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe

Thank you.
#2 - February 16th, 2006, 11:02 AM - Acrobaze (Malware Removal Team, France, joined Nov 2003, 11,994 posts)
Hi,

1- Start -> Run -> type: services.msc
Double click: Microsoft Windows Update Service
Stop and disable it.

2- Run HijackThis -> Config -> Misc Tools -> Delete an NT service
In the box, copy/paste: Windows Update Service
-> OK and follow the prompts.

3- Download the trial version of Ewido Security Suite from HERE.
Install it (when installing, under "Additional Options" uncheck: "Install background guard" and "Install scan via context menu"), and update the definitions to the newest files. Do NOT run a scan yet.

Reboot your computer in Safe Mode.

1- Run HijackThis and tick:

O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINDOWS\System32\nsa20.dll

O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Click "Fix checked".

2- Make sure that you can view hidden files and folders,
as explained HERE, and
uncheck "Hide Extensions for Known File Types".
Delete:
C:\\gimmygames.exe
C:\windows\winsysban8.exe
C:\WINDOWS\services.exe <- in THIS folder, not in system32 !
Empty the recycle bin.

3- Run Ewido:
Click on Scanner.
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files; click OK.
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose Clean and click OK.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop.
Close Ewido.

Reboot in normal mode and here:
- Post a new HijackThis log.
- Copy/paste the Ewido report, please.
#3 - February 21st, 2006, 08:25 AM - makapacs (Member, joined Jul 2004, 54 posts)
Thanks Acrobaze for those excellent directions. I did all as you said, except I was not able to find C:\WINDOWS\services.exe in Safe Mode.

Here is my HijackThis log and Ewido report:
HijackThis log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
E:\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\System32\mqtgsvc.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmoyyj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/...s/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B01BE24B-2138-43E3-8284-DA7F2F622148}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD12FEA5-3BC5-431A-83F7-16F3D7924357}: NameServer = 205.171.3.65,205.171.2.65
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - E:\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICSer_WPC54 - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
#4 - February 21st, 2006, 08:26 AM - makapacs (Member, joined Jul 2004, 54 posts)
Ewido report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:14:06 AM, 2/21/2006
+ Report-Checksum: BE8D778A

+ Scan result:

C:\WINDOWS\system32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\YA5724CG\fran-forever[1].exe -> Adware.EZula : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\MBW5GXFV\drsmartload[1].exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\WCPFCVZM\d72[1].exe -> Downloader.Adload.q : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\WCPFCVZM\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\WCPFCVZM\gimmygames[1].exe -> Downloader.VB.wd : Cleaned with backup
C:\Documents and Settings\margotsk\Local Settings\Temp\mndcntas.tmp -> Adware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@serving-sys[4].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@trafficmp[3].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@edge.ru4[4].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@servedby.advert ising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@adopt.specificc lick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ehg-theviptour.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ad.adocean[1].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@adopt.specificc lick[3].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ehg-vonage.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@z1.adserver[3].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@stats1.reliable stats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@overture[3].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@servedby.advert ising[3].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@statcounter[3].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ehg-sonymusic.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@centrport[3].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ads.pointroll[3].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@statse.webtrend slive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@citi.bridgetrac k[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@microsofteup.11 2.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ehg-randomhouse.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ads.addynamix[3].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@edge.ru4[3].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ehg-findlaw.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\margotsk\Cookies\margotsk@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP301\A0072028.exe -> Downloader.Adload.q : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP301\A0072029.exe -> Downloader.VB.wr : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP301\A0072032.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP301\A0072033.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP301\A0072034.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP301\A0072040.exe -> Downloader.Adload.q : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP301\A0072041.exe -> Downloader.VB.wr : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP302\A0072056.exe -> Downloader.Adload.q : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP302\A0073044.exe -> Downloader.Adload.q : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP302\A0073045.exe -> Downloader.VB.wr : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP302\A0073066.exe -> Downloader.Adload.q : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP304\A0073171.dll -> Adware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP306\A0074206.exe -> Downloader.Adload.q : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP306\A0074209.exe -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP306\A0074213.EXE -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP306\A0074215.exe -> Downloader.Adload.q : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP306\A0074216.exe -> Downloader.VB.wd : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP306\A0075210.exe -> Downloader.Adload.q : Cleaned with backup
C:\System Volume Information\_restore{5DD052F9-9114-4085-BAD4-00A7BD049191}\RP306\A0075213.exe -> Downloader.Adload.q : Cleaned with backup


::Report End

Thank You a lot... you guys are great!
#5 - February 21st, 2006, 06:16 PM - Acrobaze (Malware Removal Team, France, joined Nov 2003, 11,994 posts)
Good cleaning. There is a new entry:
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe

Make sure that you can view hidden files and folders,
as explained HERE, and
uncheck "Hide Extensions for Known File Types".

Go to this SITE.
Upload: C:\WINDOWS\System32\irssyncd.exe
Click "Submit" and copy/paste the results, please.
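The two checks the helper applied in this thread, reading a HijackThis log for entries whose binary sits somewhere a legitimate one would not (services.exe in the Windows root instead of system32, an autorun in the drive root, a BHO loaded from system32) and comparing the post-cleanup log with the earlier one to catch entries that appeared between scans (which is how the irssyncd entry stood out), as an added example written for this page. It is not code from the thread, from HijackThis or from Ewido; the sample log text is constructed from a subset of the lines posted above, and the path heuristics and the SYSTEM32_ONLY list are my own assumptions. A flag means "look at this", not "malicious".

```python
"""HijackThis log triage: parse entries, flag odd paths, diff two scans.

Added example for this thread; not code from the thread, HijackThis or Ewido.
The heuristics and the SYSTEM32_ONLY list are the example author's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# One HijackThis entry: a section tag (R0, O2, O4, O23, ...) then the body.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.+)$")
# First Windows path in the body: drive letter, colon, backslash, rest of line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*")

# Core binaries whose only legitimate home is %SystemRoot%\system32
# (assumption: illustrative list, extend it for your own environment).
SYSTEM32_ONLY = {"services.exe", "lsass.exe", "winlogon.exe",
                 "svchost.exe", "csrss.exe", "smss.exe"}


@dataclass(frozen=True)
class Entry:
    section: str
    body: str
    path: str  # first path in body, lower-cased, doubled backslashes collapsed; '' if none


def parse_log(text: str) -> list[Entry]:
    """Return every 'Onn - ...' entry of a HijackThis log, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        pm = PATH_RE.search(body)
        path = ""
        if pm:
            # Cut trailing arguments ('... /STARTUP') and quoted-path remnants ('..." -service').
            path = re.split(r'"| /', pm.group(0))[0].strip().lower()
            path = path.replace("\\\\", "\\")  # 'C:\\gimmygames.exe' -> 'c:\gimmygames.exe'
        entries.append(Entry(m.group("sec"), body, path))
    return entries


def flag(entry: Entry) -> Optional[str]:
    """Reason to look closer at an entry, or None. A flag means 'review', not 'malicious'."""
    if not entry.path:
        return None
    directory, _, name = entry.path.rpartition("\\")
    if name in SYSTEM32_ONLY and not directory.endswith("\\system32"):
        return f"core system binary name '{name}' outside system32"
    if entry.section == "O4" and re.fullmatch(r"[a-z]:(\\windows)?", directory):
        return "autorun binary in drive root or Windows root"
    if entry.section == "O2" and directory.endswith("\\system32"):
        return "browser helper object loaded from system32"
    return None


def triage(text: str) -> list[tuple[str, str]]:
    """(path, reason) for each flagged entry, in log order."""
    flagged = []
    for e in parse_log(text):
        reason = flag(e)
        if reason:
            flagged.append((e.path, reason))
    return flagged


def new_entries(old_text: str, new_text: str) -> list[Entry]:
    """Entries in the second log that were absent from the first (matched on section + body)."""
    seen = {(e.section, e.body) for e in parse_log(old_text)}
    return [e for e in parse_log(new_text) if (e.section, e.body) not in seen]


# Constructed sample: a subset of the first log posted in the thread.
FIRST_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINDOWS\System32\nsa20.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe
"""

# Constructed sample: a subset of the log posted after the cleanup.
SECOND_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmoyyj.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for path, reason in triage(FIRST_LOG):
        print(f"review: {path}  ({reason})")
    for e in new_entries(FIRST_LOG, SECOND_LOG):
        print(f"new since last scan: {e.section} - {e.body}")
```

The path rules alone catch the four entries fixed in the first round but say nothing about irssyncd.exe, which lives in System32 like any legitimate file; it is only the diff against the previous scan that surfaces it, which is why keeping the earlier log and comparing is worth more than any single-log heuristic.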
#6 - March 20th, 2006, 06:42 PM - makapacs (Member, joined Jul 2004, 54 posts)
Hi,
Thanks for replying and apologies for not posting back right away.
The file C:\WINDOWS\System32\irssyncd.exe does not exist anymore at this time. Perhaps one of the anti-virus programs deleted it. I have already started a new thread: http://www.cybertechhelp.com/forums/...d.php?t=111321
Thanks for your help.
Margots
#7 - March 20th, 2006, 06:45 PM - Acrobaze (Malware Removal Team, France, joined Nov 2003, 11,994 posts)
OK, then run HijackThis and check:

O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe

Click "Fix checked", reboot and post a new log, please.