After a long time without having any problems and applying what I've picked up from your site to a big number of systems, I now have an infected system.
My mistake, as I had disabled all the protection apps to check something and forgot to turn them back on before goinf online.
I have followed all the steps found here: http://www.geekstogo..._Log-t2852.html
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 02:09:12 01/05/2007
+ Scan result:
Nothing found.
::Report end
SUPERAntiSpyware Scan Log
Generated 05/01/2007 at 02:57 AM
Application Version : 3.6.1000
Core Rules Database Version : 3190
Trace Rules Database Version: 1200
Scan type : Complete Scan
Total Scan Time : 00:28:00
Memory items scanned : 468
Memory threats detected : 0
Registry items scanned : 5091
Registry threats detected : 115
File items scanned : 33303
File threats detected : 3
Adware.MyWay
HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InProcServer32
F:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
HKLM\Software\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}\InprocServer32
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}\InprocServer32#ThreadingModel
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}\Programmable
F:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL
HKLM\Software\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
HKLM\Software\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\MyWayToolBar.NetscapeShutdown
HKCR\MyWayToolBar.NetscapeShutdown\CLSID
HKCR\MyWayToolBar.NetscapeShutdown\CurVer
HKCR\MyWayToolBar.NetscapeShutdown.1
HKCR\MyWayToolBar.NetscapeShutdown.1\CLSID
HKCR\MyWayToolBar.NetscapeStartup
HKCR\MyWayToolBar.NetscapeStartup\CLSID
HKCR\MyWayToolBar.NetscapeStartup\CurVer
HKCR\MyWayToolBar.NetscapeStartup.1
HKCR\MyWayToolBar.NetscapeStartup.1\CLSID
HKCR\MyWayToolBar.SettingsPlugin
HKCR\MyWayToolBar.SettingsPlugin\CLSID
HKCR\MyWayToolBar.SettingsPlugin\CurVer
HKCR\MyWayToolBar.SettingsPlugin.1
HKCR\MyWayToolBar.SettingsPlugin.1\CLSID
HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}\InProcServer32
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0\win32
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\FLAGS
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\HELPDIR
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\SearchAssistant
HKLM\Software\MyWay\SearchAssistant#Dir
HKLM\Software\MyWay\SearchAssistant#pid
HKLM\Software\MyWay\SearchAssistant#CurInstall
HKLM\Software\MyWay\SearchAssistant#sr
HKLM\Software\MyWay\SearchAssistant#pl
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#UrlInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UrlInfoAbout
BearShare File Sharing Client
F:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE
Panda Activescan log
Incident Status Location
Spyware:Cookie/cs.sexcounter Not disinfected F:\Documents and Settings\z-plane\Application Data\Mozilla\Firefox\Profiles\150hvq1x.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Ccbill Not disinfected F:\Documents and Settings\z-plane\Application Data\Mozilla\Firefox\Profiles\150hvq1x.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Atwola Not disinfected F:\Documents and Settings\z-plane\Cookies\z-plane@atwola[1].txt
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\z-plane\my stuff\d partittion\Programes\install for progs\protection\fix team\nailfix.exe[nailfix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\z-plane\my stuff\d partittion\Programes\install for progs\protection\fix team\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\z-plane\my stuff\d partittion\Programes\install for progs\protection\nailfix\Process.exe
Potentially unwanted tool:Application/RealSpy Not disinfected F:\WINDOWS\system32\actskn45.ocx
I have manually located and deleted all of the above but nailfix.exe and SmitfraudFix.exe
Logfile of HijackThis v1.99.1
Scan saved at 09:13:31, on 01/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Program Files\Digidesign\Drivers\MMERefresh.exe
F:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
F:\Program Files\M-Audio\Transit\Install\TUSBInst.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\WINDOWS\System32\M-AudioTaskBarIcon.exe
F:\Program Files\Lexmark 2300 Series\ezprint.exe
F:\WINDOWS\VM_STI.EXE
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\WINDOWS\system32\lxcgcoms.exe
F:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\z-plane\Desktop\Cleaning\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] F:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] F:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - F:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: lxcg_device - Unknown owner - F:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: M-Audio Transit Installer (TransitInstallerService) - M-Audio - F:\Program Files\M-Audio\Transit\Install\TUSBInst.exe
Thanks in advance