GB Dialler...i need help

[iggyflop]

I’ve got a GB Dialler on my computer that I can’t get rid of, I’ve looked around the forum and got as far as saving a log with HiJackThis, could someone help me out by taking a look at it and suggesting what to do next. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 13:56:04, on 17/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe
C:\WINDOWS\system32\mspaint.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {149F2B7A-C2C3-B845-E23F-C819127A879B} - C:\WINDOWS\System32\pll.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

[Vikesrock8411]

Hello and welcome to TSF

I reccommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads(make sure to save these in a permanent location)
Cleanup! (Alternate Link)- Install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.
Ewido Security Suite

• Install Ewido Security Suite
• When installing, under "Additional Options" uncheck..
  • Install background guard
  • Install scan via context menu
• Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

• On the left hand side of the main screen click update.
• Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in SafeMode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
O2 - BHO: (no name) - {149F2B7A-C2C3-B845-E23F-C819127A879B} - C:\WINDOWS\System32\pll.dll (file missing)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O20 - Winlogon Notify: winmqx32 - C:\WINDOWS\SYSTEM32\winmqx32.dll

Please remember to close all other windows, including browsers then click Fix checked.

File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\WINDOWS\System32\pll.dll
C:\WINDOWS\SYSTEM32\winmqx32.dll

Tools
Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users

Uncheck the following :

• Scan local drives for temporary files

Click OK, Press the CleanUp! button to start the program. If prompted to reboot, click No

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click Complete System Scan to begin scanning.
• Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

• "Perform action on all infections"
• Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** This scan may take over an hour, after choosing the action for the first item you do not need to stay at the PC.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
2. Click Scan Now
3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

• If it finds any malware, it will offer you a report.
• Click on see report. Then click Save report

Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

In your next post please include:

• Panda Activescan Log
• Ewido Log
• A new Hijackthis! Log

[iggyflop]

Panda Activescan Log:

Incident Status Location

Adware:adware/mediatickets Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\nicola\Cookies\nicola@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\nicola\Cookies\nicola@doubleclick[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\nicola\Cookies\nicola@statse.webtrendslive[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt[.xmts.net/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt[]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\nicola\Cookies\nicola@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\nicola\Cookies\nicola@doubleclick[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\nicola\Cookies\nicola@statse.webtrendslive[1].txt

Ewido Log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:51:03, 19/04/2006
+ Report-Checksum: 8F929571

+ Scan result:

[200] C:\WINDOWS\system32\winmqx32.dll -> Trojan.Agent.qt : Error during cleaning
:mozilla.14:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.33:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.34:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.35:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.36:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.57:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.59:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.60:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.61:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.62:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.63:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.65:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.66:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.69:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.70:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.71:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.72:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.73:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.74:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.84:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.85:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.86:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.87:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.88:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.89:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.92:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.111:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.123:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.127:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.140:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.141:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.142:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.143:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.149:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.150:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.151:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.152:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.153:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.154:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.155:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.156:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.169:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.170:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.171:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.172:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.173:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.174:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.175:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.180:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.204:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.206:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.210:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.216:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.217:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.218:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.219:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.221:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.222:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.241:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.252:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.253:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.254:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.255:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.256:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.258:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.261:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.262:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.263:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.297:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.313:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.316:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.330:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.331:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.332:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.333:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.334:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.343:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.349:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.350:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.351:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.355:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.357:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.366:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.370:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.371:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.375:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.376:C:\Documents and Settings\nicola\Application Data\Mozilla\Firefox\Profiles\4vvs7ily.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgGB2404.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__winmqx32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\WINDOWS\winres.dll -> Downloader.IstBar.ff : Cleaned with backup


::Report End

New Hijackthis! Log:

Logfile of HijackThis v1.99.1
Scan saved at 15:33:26, on 19/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



Thank you so much for your help.

[Vikesrock8411]

Please download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Launch KillBox.exe & select the following options:

• delete on Reboot

Select all the filenames below & then right-click & select Copy

• C:\WINDOWS\SYSTEM32\winmqx32.dll
  

* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
Please remember to close all other windows, including browsers then click Fix checked.

Reboot and post a new hijackthis log

[iggyflop]

New Hijackthis! Log

Logfile of HijackThis v1.99.1
Scan saved at 08:34:12, on 20/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

[Vikesrock8411]

Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Disabling the Viewing of Hidden and System Files

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.

• Tick the checkbox - Turn off System Restore on all drives
• Click Apply
• Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap there are many pieces of malware that is caught by one of these and not the other, therefore it is recommended you use both to compliment each other. Spybot also contains two other useful pieces. The first is "Immunize", this helps protect your computer against known exploits. The second is "TeaTimer", with this feature enabled you will receive notifications of all changes to the registry such as programs adding themselves to start-up and you default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources, run it once and you're all set. Spyware Guard Is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less suceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

[iggyflop]

everything seems to be working perfectly, muchos thanks for the help.