lethe log
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
lethe
Hi Andy,

How's life going?
I have the same problems with Chinese Navigation and I want to get rid of them ASAP. Please help me, because I haven't been able to remove it yet :-(

best wishes,

Elif


And my HijackThis log is...

Logfile of HijackThis v1.99.1
Scan saved at 01:16:36, on 11/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\bittorrent.exe
C:\Program Files\Common Files\System\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINDOWS\FSScrCtl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexp1ore.exe
C:\Program Files\CNNIC\Cdn\cdnunins.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\tr-tr\msnappau.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\elif\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bilkent.edu.tr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sidesear...esearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customse...msearch-en.html
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: YnrHvbaj Class - {3B68DB41-01D6-028A-D1CF-97742C7A1028} - C:\WINDOWS\DOWNLO~1\mvlvxaxe.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: System Helper - {B88DBC3F-41FB-40AE-AFB0-4220E842B710} - C:\WINDOWS\system32\flash9.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\tr-tr\msntb.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\tr-tr\msntb.dll
O4 - HKLM\..\Run: [SpySpotter] C:\Program Files\SpySpotter\SpySpotter.exe -onreboot
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AutoTBar] NDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control PanelAUTOTBAR.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\update2\Update.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Update.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ26\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: 酷标 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\coolsign\coolsign.dll
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] Chinese Navigation
O18 - Protocol: ezstor - {6344A3A0-96A7-11D4-88CC-000000000000} - C:\WINDOWS\system32\viewers\ezspp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files\Common Files\EzTools\wowctl2.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Internet Protect Service (NHLscA) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
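
One way to do the kind of first-pass triage a helper does by eye on a log like the one above, as an added example that is not part of the original thread and not HijackThis code: a small Python script that parses HJT entries and flags the patterns worth a second look (a running process whose name is one character off a system binary, autostart entries with no path or sitting directly in %WINDIR%, RunServices entries, a win.ini load= line, an unknown Winsock LSP, and registered components whose file is gone). The list of system binaries is an assumption made for the example; the sample lines are copied from the first log in this thread. Every hit is a hint for a human, not a verdict.

```python
"""Triage heuristics for a HijackThis v1.99 log (added example; not from the thread
or from HijackThis). Findings are hints for a human, not verdicts: legitimate
software trips some of these checks too."""
import re
from collections import Counter, namedtuple
from typing import List, Optional

# XP system binaries malware likes to imitate by name (assumed list for this example).
KNOWN_SYSTEM_EXES = {
    "iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
    "services.exe", "csrss.exe", "smss.exe", "rundll32.exe", "ctfmon.exe",
}
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s"})  # look-alike characters
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")  # "O4 - HKLM\..\Run: ..."
WINDIR_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)

Finding = namedtuple("Finding", "code line note")  # tag, verbatim log line, reason


def lookalike_of(name: str) -> Optional[str]:
    """Legitimate name that `name` imitates (e.g. iexp1ore.exe -> iexplore.exe), or None."""
    name = name.lower()
    if name in KNOWN_SYSTEM_EXES:
        return None  # exact match: nothing to report
    folded = name.translate(CONFUSABLES)
    return next((k for k in KNOWN_SYSTEM_EXES if folded == k.translate(CONFUSABLES)), None)


def command_exe(cmd: str) -> str:
    """First token of an autostart command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_entry(section: str, body: str, line: str) -> List[Finding]:
    out = []
    if "(file missing)" in body or "(no file)" in body:
        out.append(Finding("orphan-entry", line,
                           "registered component whose file is gone; leftover of a removed or half-cleaned item"))
    if section == "O4":
        if "RunServices" in body:
            out.append(Finding("runservices", line,
                               "RunServices is a Windows 9x autostart key; XP installers rarely write it"))
        target = body.split("] ", 1)[1] if "] " in body else body.split(" = ", 1)[-1]
        exe = command_exe(target)
        if exe and "\\" not in exe:
            out.append(Finding("bare-filename", line,
                               "no path: the name is resolved through the search path and is easy to hijack"))
        elif WINDIR_EXE.match(exe):
            out.append(Finding("exe-in-windir", line,
                               "executable dropped directly into %WINDIR% rather than Program Files"))
    if section == "F3" and "load=" in body:
        out.append(Finding("winini-load", line, "legacy win.ini load= autostart"))
    if section == "O10" and "Unknown file" in body:
        out.append(Finding("unknown-lsp", line, "unrecognised Winsock LSP sits in the path of every socket call"))
    return out


def triage(log_text: str) -> List[Finding]:
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:  # the first R/F/O entry ends the process list
            in_processes = False
            findings.extend(check_entry(m.group(1), m.group(2), line))
        elif in_processes:
            hit = lookalike_of(line.rsplit("\\", 1)[-1])
            if hit:
                findings.append(Finding("lookalike-process", line, f"file name resembles {hit} but is not it"))
    return findings


def triage_counts(log_text: str) -> dict:
    """Number of findings per tag; handy for asserting on a known log."""
    return dict(Counter(f.code for f in triage(log_text)))


# Lines copied verbatim from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\bittorrent.exe
C:\Program Files\Internet Explorer\iexp1ore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O23 - Service: Internet Protect Service (NHLscA) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.line}\n    {f.note}")
```

Run it as a script to print the findings, or call triage() on a complete log. The lookalike check folds 1/l, 0/o and 5/s before comparing, which is how iexp1ore.exe gets paired with iexplore.exe while the genuine iexplore.exe on the next line is left alone; the bare-filename check also fires on things like Ati2mdxx.exe, which is why each finding carries a reason rather than a verdict.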

rridgely
I split your post so that it's easier to help.
Your computer is infected, so let's get started.

Run BitDefender Online Scanner
  • Using Internet Explorer, please go HERE to run BitDefender's online scan.
  • Read the terms and then click I Agree.
  • You may receive a Security Warning about the BitDefender ActiveX control. If you do, please allow it to install.
  • On the Scanning Options screen, press Click Here To Scan and then follow the on-screen prompts.
  • Once BitDefender is finished scanning your computer, it will automatically remove the infections. Once the removal process is finished, press the Close button and a dialog box will appear asking if you want to send your scan log back to the makers of BitDefender. You do not have to do this, but what you do want to do is press the button that says "View Log", then copy and paste that log into Notepad and save it to your desktop as bitdefender.txt.
  • Reboot your computer

---------------

Download SUPERAntiSpyware
  1. Load SUPERAntiSpyware and click the Check for Updates button.
  2. Once the update is finished, click the Scan your Computer button.
  3. Check Perform Complete Scan and then Next.
  4. SUPERAntiSpyware will now scan your computer and, when it's finished, it will list all the infections it has found.
  5. Make sure that they all have a check next to them and press next.
  6. Click finish and you will be taken back to the main interface.
  7. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  8. Copy and paste the log onto the forum.

Run both scans and come back with a BitDefender log, a SUPERAntiSpyware log, and a new HijackThis log.
lethe
Thank you so much rridgely,
but after I accepted, it was trying, then said "could not load the online scanner!"
rridgely
Try one more time. If you can't get through, we will try a different antivirus.
lethe
It works this time :)
rridgely
Great, just follow those directions I posted above and it should go pretty smoothly.
lethe
It's scanning now and it has already found many infected files.
I found this site by chance, fortunately.
It seems to be taking a lot of time, so until what time are you going to be here?
Thanks
rridgely
I check in on the site from around 5PM-11PM (Eastern US) every 20 or so minutes (depending on what I'm doing and if I'm home). Don't worry, I'll be around. Just post those logs I requested once you're done.
lethe
Sure, after scanning I'll post the new logs.
It says estimated time left is 01:47,
so see you then.
lethe
Finally, here are the logs.

BitDefender Online Scanner - Real Time Virus Report
Generated at: Wed, Nov 01, 2006 - 05:46:10


Scan Info
Scanned Files 687280
Infected Files 36


Virus Detected
Trojan.Dropper.Small.HT 1
Trivial.101.C 4
Trojan.Keylogger.143 1
Dropped:Application.ProcKill.Jk 1
Trojan.Downloader.Nsis.A 1
Win32.Worm.RJump.E 1
Trojan.Dropper.Small.UV 1
Trojan.Pws.Delf.AK 1
Trojan.Downloader.Agent.AMI 1
Java.Trojan.Downloader.OpenStream.C 1
Trojan.Java.Classloader.G 1
Application.Keygen.Xpstyle.U 1
Trojan.Dropper.Funweb.A 1
Adware.Clicker.BA 2
Trojan.Spy.Bispy.A 4
Trojan.Agent.CP 3
Trojan.Downloader.Gen 3
Trojan.Dropper.Small.QG 1
Generic.Botget.1350AB97 1
BehavesLike:Trojan.Downloader 1
Trojan.Java.ClassLoader.D 1
Trojan.Downloader.Qqhelper.DK 3
BehavesLike:Win32.ExplorerHijack 1




This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.

--------------------------

SUPERAntiSpyware Scan Log
Generated 11/01/2006 at 06:51 AM

Application Version : 3.3.1020

Core Rules Database Version : 3118
Trace Rules Database Version: 1141

Scan type : Complete Scan
Total Scan Time : 00:21:25

Memory items scanned : 424
Memory threats detected : 3
Registry items scanned : 5720
Registry threats detected : 87
File items scanned : 35498
File threats detected : 74

Trojan.Downloader-ALBUS
C:\WINDOWS\SYSTEM32\ALBUS.DLL
C:\WINDOWS\SYSTEM32\ALBUS.DLL
C:\PROGRA~1\MMSASS~1\ALBUS.DLL
C:\PROGRA~1\MMSASS~1\ALBUS.DLL
HKLM\System\ControlSet001\Services\Albus
C:\WINDOWS\SYSTEM32\DRIVERS\ALBUS.SYS
HKLM\System\ControlSet003\Services\Albus
HKLM\System\CurrentControlSet\Services\Albus
C:\PROGRAM FILES\MMSASSIST\ALBUS.DLL

Trojan.Downloader-Vision
C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
HKLM\Software\Classes\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}
HKCR\CLSID\{6671A431-5C3D-463D-A7CF-5587F9B7E191}
HKCR\CLSID\{6671A431-5C3D-463D-A7CF-5587F9B7E191}
HKCR\CLSID\{6671A431-5C3D-463D-A7CF-5587F9B7E191}\InprocServer32
HKCR\CLSID\{6671A431-5C3D-463D-A7CF-5587F9B7E191}\InprocServer32#ThreadingModel
HKCR\CLSID\{6671A431-5C3D-463D-A7CF-5587F9B7E191}\ProgID
HKCR\CLSID\{6671A431-5C3D-463D-A7CF-5587F9B7E191}\Programmable
HKCR\CLSID\{6671A431-5C3D-463D-A7CF-5587F9B7E191}\TypeLib
HKCR\CLSID\{6671A431-5C3D-463D-A7CF-5587F9B7E191}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{6671A432-5C3D-463d-A7CF-5587F9B7E191}
HKCR\CLSID\{6671A432-5C3D-463D-A7CF-5587F9B7E191}
HKCR\CLSID\{6671A432-5C3D-463D-A7CF-5587F9B7E191}
HKCR\CLSID\{6671A432-5C3D-463D-A7CF-5587F9B7E191}\InprocServer32
HKCR\CLSID\{6671A432-5C3D-463D-A7CF-5587F9B7E191}\InprocServer32#ThreadingModel
HKCR\CLSID\{6671A432-5C3D-463D-A7CF-5587F9B7E191}\ProgID
HKCR\CLSID\{6671A432-5C3D-463D-A7CF-5587F9B7E191}\Programmable
HKCR\CLSID\{6671A432-5C3D-463D-A7CF-5587F9B7E191}\TypeLib
HKCR\CLSID\{6671A432-5C3D-463D-A7CF-5587F9B7E191}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6671A431-5C3D-463d-A7CF-5587F9B7E191}
C:\PROGRAM FILES\MMSASSIST\MMSASS~1.DLL
C:\PROGRAM FILES\MMSASSIST\MMSSVER.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384\A0239323.DLL

Trojan.Fengcent/Quicklink
[System] C:\PROGRAM FILES\COMMON FILES\SYSTEM\UPDATE.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\UPDATE.EXE
HKCR\QuickButton.QuickBtn
HKCR\QuickButton.QuickBtn\CLSID
HKCR\QuickButton.QuickBtn\CurVer
HKCR\sss1.sss2.1
HKCR\sss1.sss2.1\CLSID
HKCR\CLSID\{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7}
HKCR\CLSID\{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7}\InprocServer32
HKCR\CLSID\{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7}\InprocServer32#ThreadingModel
HKCR\CLSID\{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7}\ProgID
HKCR\CLSID\{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7}\Programmable
HKCR\CLSID\{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7}\VersionIndependentProgID
HKLM\Software\Microsoft\Internet Explorer\Extensions\{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5}#CLSID
HKLM\Software\Microsoft\Internet Explorer\Extensions\{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5}#ClsidExtension
HKLM\Software\Microsoft\Internet Explorer\Extensions\{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5}#Default Visible
HKLM\Software\Microsoft\Internet Explorer\Extensions\{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5}#ButtonText
HKLM\Software\Microsoft\Internet Explorer\Extensions\{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5}#Icon
HKLM\Software\Microsoft\Internet Explorer\Extensions\{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5}#HotIcon
C:\PROGRAM FILES\COOLSIGN\COOLSIGN.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP382\A0238148.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384\A0239349.DLL

Adware.MyWay
HKLM\Software\Classes\CLSID\{04079854-5845-4dea-848C-3ECD647AA554}
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}\Control
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}\InprocServer32
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}\InprocServer32#ThreadingModel
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}\MiscStatus
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}\MiscStatus\1
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}\ProgID
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}\Programmable
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}\TypeLib
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}\Version
HKCR\CLSID\{04079854-5845-4DEA-848C-3ECD647AA554}\VersionIndependentProgID
C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UrlInfoAbout
C:\Program Files\MyWay\myBar\1.bin\MYPOPSWT.DLL
C:\Program Files\MyWay\myBar\1.bin
C:\Program Files\MyWay\myBar\Cache\0023C27A
C:\Program Files\MyWay\myBar\Cache\0023C941
C:\Program Files\MyWay\myBar\Cache\0023CB25.bin
C:\Program Files\MyWay\myBar\Cache\0023CEA0.bin
C:\Program Files\MyWay\myBar\Cache\0023D046.bin
C:\Program Files\MyWay\myBar\Cache\00D49A83
C:\Program Files\MyWay\myBar\Cache\00D4A6F7
C:\Program Files\MyWay\myBar\Cache\00D4B5FA.bin
C:\Program Files\MyWay\myBar\Cache\00D4BA02.bin
C:\Program Files\MyWay\myBar\Cache\00D4BD9B.bin
C:\Program Files\MyWay\myBar\Cache
C:\Program Files\MyWay\myBar\History
C:\Program Files\MyWay\myBar\Settings
C:\Program Files\MyWay\myBar
C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT
C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER2.DAT
C:\Program Files\MyWay\SrchAstt\1.bin
C:\Program Files\MyWay\SrchAstt\Cache\0023C614
C:\Program Files\MyWay\SrchAstt\Cache\00274400
C:\Program Files\MyWay\SrchAstt\Cache\files.ini
C:\Program Files\MyWay\SrchAstt\Cache
C:\Program Files\MyWay\SrchAstt\Settings\prevcfg.htm
C:\Program Files\MyWay\SrchAstt\Settings
C:\Program Files\MyWay\SrchAstt
C:\Program Files\MyWay

Adware.IExplorr
HKLM\Software\Classes\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}
HKCR\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}
HKCR\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}
HKCR\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\Implemented Categories
HKCR\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\InprocServer32
HKCR\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\InprocServer32#ThreadingModel
HKCR\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\ProgID
HKCR\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\Programmable
HKCR\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\TypeLib
HKCR\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\VERSION
C:\WINDOWS\IEXPLORR23.DLL

Trojan.Haxdoor-CNNIC
HKLM\System\ControlSet001\Services\cdnprot
C:\WINDOWS\SYSTEM32\DRIVERS\CDNPROT.SYS
HKLM\System\ControlSet003\Services\cdnprot
HKLM\System\CurrentControlSet\Services\cdnprot
C:\PROGRAM FILES\CNNIC\CDN\UPDATE\CDNPROT.SYS

Adware.Tracking Cookie
C:\Documents and Settings\elif\Cookies\elif@dist.belnk[2].txt
C:\Documents and Settings\elif\Cookies\elif@1072689790[1].txt
C:\Documents and Settings\elif\Cookies\elif@ad.yieldmanager[1].txt
C:\Documents and Settings\elif\Cookies\elif@atdmt[2].txt
C:\Documents and Settings\elif\Cookies\elif@tacoda[1].txt
C:\Documents and Settings\elif\Cookies\elif@ad.e-kolay[1].txt
C:\Documents and Settings\elif\Cookies\elif@e-zbanner[1].txt
C:\Documents and Settings\elif\Cookies\elif@adserver.adsimsar[1].txt
C:\Documents and Settings\elif\Cookies\elif@1067042168[2].txt
C:\Documents and Settings\elif\Cookies\elif@counter.henbang[2].txt
C:\Documents and Settings\elif\Cookies\elif@webstat.toonboom[1].txt
C:\Documents and Settings\elif\Cookies\elif@roiservice[1].txt
C:\Documents and Settings\elif\Cookies\elif@ads2.e-zbanner[1].txt
C:\Documents and Settings\elif\Cookies\elif@campaign.indieclick[1].txt
C:\Documents and Settings\elif\Cookies\elif@anad.tacoda[1].txt
C:\Documents and Settings\elif\Cookies\elif@list[1].txt
C:\Documents and Settings\elif\Cookies\elif@v1.textclick[2].txt
C:\Documents and Settings\elif\Cookies\elif@burstnet[2].txt
C:\Documents and Settings\elif\Cookies\elif@toplist[1].txt
C:\Documents and Settings\elif\Cookies\elif@adserver.denizfeneri.org[1].txt
C:\Documents and Settings\elif\Cookies\elif@serving-sys[2].txt
C:\Documents and Settings\elif\Cookies\elif@belnk[1].txt
C:\Documents and Settings\elif\Cookies\elif@rambler[1].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\guest@cliks[1].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@offeroptimizer[2].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[1].txt

Adware.MyWebSearch
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable

Adware.ClearSearch
HKCR\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
HKCR\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}\1.0
HKCR\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}\1.0\0
HKCR\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}\1.0\0\win32
HKCR\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}\1.0\FLAGS
HKCR\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}\1.0\HELPDIR

Adware.Boran
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838}#UninstallString

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384\A0239363.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384\A0239366.EXE

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\ALSMT.EXE
-------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 07:04:54, on 11/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\bittorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Internet Explorer\iexp1ore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\tr-tr\msnappau.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\elif\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bilkent.edu.tr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sidesear...esearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customse...msearch-en.html
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\tr-tr\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\tr-tr\msntb.dll
O4 - HKLM\..\Run: [SpySpotter] C:\Program Files\SpySpotter\SpySpotter.exe -onreboot
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AutoTBar] NDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control PanelAUTOTBAR.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\update2\Update.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ26\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: ezstor - {6344A3A0-96A7-11D4-88CC-000000000000} - C:\WINDOWS\system32\viewers\ezspp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files\Common Files\EzTools\wowctl2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Internet Protect Service (NHLscA) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

------------------------------

Thanks
rridgely
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
lethe
SmitFraudFix v2.117

Scan done at 2:29:17,37, 11/02/2006
Run from C:\Documents and Settings\elif\My Documents\Unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\elif


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\elif\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\elif\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.maxgalleries.com/stars/morgan-t/tm_01m/vidcaps/03_patriot/patriot-108-bc.jpg"
"SubscribedURL"="http://www.maxgalleries.com/stars/morgan-t/tm_01m/vidcaps/03_patriot/patriot-108-bc.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://www.poster.com.pl/walkuski/nieist.jpg"
"SubscribedURL"="http://www.poster.com.pl/walkuski/nieist.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

lethe
So it's done?
Do I need to do something else?
Thanks
rridgely
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
lethe
SmitFraudFix v2.117

Scan done at 4:23:54,34, 11/02/2006
Run from C:\Documents and Settings\elif\My Documents\Unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




Logfile of HijackThis v1.99.1
Scan saved at 04:34:16, on 11/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\bittorrent.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\FSScrCtl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexp1ore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\tr-tr\msnappau.exe
C:\Documents and Settings\elif\My Documents\Unzipped\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\tr-tr\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\tr-tr\msntb.dll
O4 - HKLM\..\Run: [SpySpotter] C:\Program Files\SpySpotter\SpySpotter.exe -onreboot
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AutoTBar] NDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control PanelAUTOTBAR.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ26\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: ezstor - {6344A3A0-96A7-11D4-88CC-000000000000} - C:\WINDOWS\system32\viewers\ezspp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files\Common Files\EzTools\wowctl2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Internet Protect Service (NHLscA) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe




rridgely
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Post the cure it log and a new hijackthis log.
lethe
it's still downloading...
By the way, my sound device has disappeared. I don't know why; can it be because of all these applications? Do you know what else? How can I download it or repair it?
Thanks
rridgely
Is the sound working? Or did the icon just disappear?
Nothing I had you do should have messed up your sound (or even could have).

The file is only 5 MB, so it shouldn't take that long to download.
lethe
Yeah, it's not big, but my connection was interrupted.
The sound is gone also... Today I made some changes to AVI codecs; maybe that causes it.
lethe
cdnforie.dll c:\program files\cnnic\cdn Adware.Cdn
cdnup.exe c:\program files\cnnic\cdn Adware.Cdn
iexp1ore.exe c:\program files\internet explorer Probably DLOADER.Trojan
bittorrent.exe c:\windows Worm.Peerav Incurable.Will be moved after reboot.
hidport.sys c:\windows\system32\drivers Trojan.StartPage.1647 Deleted.
stdupnet.dll c:\windows\system32 Adware.Borlander
bind_40011.exe C:\Documents and Settings\elif Trojan.DownLoader.12538 Incurable.Moved.
icsetup.exe C:\Documents and Settings\elif Adware.Cdn
03623836.exe C:\Documents and Settings\elif\Local Settings\Temp Adware.Serpo
03705782.exe C:\Documents and Settings\elif\Local Settings\Temp Adware.Serpo
cdn.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnaux.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdncmd.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdndet.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnforie.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnins.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnns.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnprh.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnprot.sys C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnprot.vxd C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnspie.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdntdns.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdntran.sys C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdntran.vxd C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnuc.exe C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnunins.exe C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
cdnup.exe C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
client.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
idnconv.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
iesrch.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
imaoe.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
sk79.exe C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
wmhlpr.dll C:\Documents and Settings\elif\Local Settings\Temp\sk79 Adware.Cdn
Process.exe C:\Documents and Settings\elif\My Documents\Unzipped\SmitfraudFix\SmitfraudFix Tool.Prockill
restart.exe C:\Documents and Settings\elif\My Documents\Unzipped\SmitfraudFix\SmitfraudFix Tool.ShutDown.11
PhotoShop 8.0 Tr.exe C:\My Downloads\photoshop cdsi\Türkçe Yama Tool.ASEye.2
cdnaux.dll C:\Program Files\CNNIC\Cdn Adware.Cdn
cdncmd.dll C:\Program Files\CNNIC\Cdn Adware.Cdn
cdnforie.dll C:\Program Files\CNNIC\Cdn Adware.Cdn
cdntdns.dll C:\Program Files\CNNIC\Cdn Adware.Cdn
cdnunins.exe C:\Program Files\CNNIC\Cdn Adware.Cdn
cdnup.exe C:\Program Files\CNNIC\Cdn Adware.Cdn
idnconv.dll C:\Program Files\CNNIC\Cdn Adware.Cdn
iesrch.dll C:\Program Files\CNNIC\Cdn Adware.Cdn
imaoe.dll C:\Program Files\CNNIC\Cdn Adware.Cdn
wmhlpr.dll C:\Program Files\CNNIC\Cdn Adware.Cdn
cdnunins.exe C:\Program Files\CNNIC\Cdn\Update Adware.Cdn
iexp1ore.exe C:\Program Files\Internet Explorer Probably DLOADER.Trojan
Patch2.exe C:\Program Files\Quark\QuarkXPress 6.0 Tool.ASEye.2
Quark.exe C:\Program Files\Quark\QuarkXPress 6.0 Tool.ASEye.2
Quark1.exe C:\Program Files\Quark\QuarkXPress 6.0 Tool.ASEye.2
A0237053.sys C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP379 Adware.Cdn
A0237056.dll C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP379 Adware.Cdn
A0237059.sys C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP379 Adware.Cdn
A0237060.sys C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP379 Adware.Cdn
A0237061.dll C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP379 Adware.Cdn
A0237062.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP379 Adware.Cdn
A0238061.SYS C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP381 Adware.Borlander
A0238062.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP381 Adware.Borlander
A0239286.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384 Adware.Borlander
A0239287.SYS C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384 Adware.Borlander
A0239314.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384 Probably DLOADER.Trojan
A0239316.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384 Probably DLOADER.Trojan
A0239326.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384 Adware.Borlander
A0239362.dll C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384 Trojan.MulDrop.1871 Deleted.
A0239364.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384 Adware.MegaSearch
A0239365.dll C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384 Adware.Rebates
A0239367.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384 Trojan.MulDrop.1117 Deleted.
A0239368.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP384 Adware.Rebates
A0239376.SYS C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP385 Adware.Borlander
A0239377.DLL C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP385 Adware.Borlander
A0239378.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP385 Probably DLOADER.Trojan
A0239380.DLL C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP385 Adware.MyWay
A0239381.DLL C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP385 Adware.Funweb
A0239383.dll C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP385 Adware.GoWebSite
A0239385.sys C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP385 Adware.Cdn
A0239386.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP385 Adware.Borlander
A0239405.sys C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP388 Adware.Cdn
A0239488.sys C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP396 Adware.Cdn
A0239489.sys C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP396 Adware.Cdn
A0239490.sys C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP396 Adware.Cdn
A0239527.sys C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP396 Trojan.StartPage.1647 Deleted.
A0239528.exe C:\System Volume Information\_restore{12053741-19F0-4347-BCE0-4B42C68DA7C7}\RP396 Trojan.DownLoader.12538 Incurable.Moved.
bittorrent.exe C:\WINDOWS Worm.Peerav Incurable.Moved.
iexplorr11.dll C:\WINDOWS Adware.GoWebSite
megasear.dll C:\WINDOWS\Downloaded Program Files Adware.MegaSearch
mvlvxaxe.dll C:\WINDOWS\Downloaded Program Files Adware.Cdn
bxgyrw72.dll C:\WINDOWS\system32 Adware.QQHelp
cdn.dll C:\WINDOWS\system32 Adware.Cdn
cdnns.dll C:\WINDOWS\system32 Adware.Cdn
irrzzy17.dll C:\WINDOWS\system32 Adware.QQHelp
jetspeed.dll C:\WINDOWS\system32 Trojan.DownLoader.14402 Will be cured after reboot.
oaamsn90.dll C:\WINDOWS\system32 Adware.QQHelp
Process.exe C:\WINDOWS\system32 Tool.Prockill
scqnth38.dll C:\WINDOWS\system32 Adware.QQHelp
stdplay.dll C:\WINDOWS\system32 Adware.Borlander
stdstub.dll C:\WINDOWS\system32 Adware.Borlander
stdupnet.dll C:\WINDOWS\system32 Adware.Borlander
stdvote.dll C:\WINDOWS\system32 Adware.Borlander
bjbcibea.sys C:\WINDOWS\system32\drivers Adware.Cdn
ciiecgda.sys C:\WINDOWS\system32\drivers Adware.Cdn
igjhjcee.sys C:\WINDOWS\system32\drivers Adware.Cdn
rbbact59.dll C:\WINDOWS\system32\wbem Adware.QQHelp
xrjrzn67.dll C:\WINDOWS\system32\wbem Adware.QQHelp
insshell.exe\data001 C:\WINDOWS\Temp\insshell\insshell.exe Adware.Borlander
insshell.exe\data002 C:\WINDOWS\Temp\insshell\insshell.exe Adware.Borlander
insshell.exe\data003 C:\WINDOWS\Temp\insshell\insshell.exe Adware.Borlander
insshell.exe\data004 C:\WINDOWS\Temp\insshell\insshell.exe Adware.Borlander
insshell.exe\data005 C:\WINDOWS\Temp\insshell\insshell.exe Adware.Borlander
insshell.exe C:\WINDOWS\Temp\insshell Archive contains infected objects Moved.
psshutdown.exe D:\murath cdler\CD7\Autopatcher\AutoPatcher XP Tool.Reboot


Logfile of HijackThis v1.99.1
Scan saved at 01:18:48, on 11/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\FSScrCtl.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexp1ore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\tr-tr\msnappau.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\elif\My Documents\Unzipped\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\SCIntruder.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\tr-tr\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\tr-tr\msntb.dll
O4 - HKLM\..\Run: [SpySpotter] C:\Program Files\SpySpotter\SpySpotter.exe -onreboot
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AutoTBar] NDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control PanelAUTOTBAR.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ26\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] Chinese Navigation
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: ezstor - {6344A3A0-96A7-11D4-88CC-000000000000} - C:\WINDOWS\system32\viewers\ezspp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files\Common Files\EzTools\wowctl2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Internet Protect Service (NHLscA) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

thanks
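Added example, not a tool from this thread and not part of HijackThis, SmitfraudFix or Dr.Web: a small Python triage pass over lines of the HijackThis log above. It flags by rule what the helpers in this thread spot by eye: a process name that imitates a Windows binary through a confusable character (iexp1ore.exe standing in for iexplore.exe), binaries running from the root of %windir% or from a Temp directory, entries whose referenced file is missing, the unknown Winsock LSP and the win.ini load= autostart. The known-good name list, the confusable-character table and the drop-location rules are assumptions chosen for the demo, not an authoritative whitelist; the sample lines are copied from the posted log and trimmed.

```python
"""Heuristic triage of a HijackThis 1.99.x log (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted above, trimmed.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\bittorrent.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\Internet Explorer\iexp1ore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Internet Protect Service (NHLscA) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)
"""

# Assumption: a short list of Windows/IE binaries for the demo, not a complete inventory.
KNOWN_GOOD = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "iexplore.exe", "rundll32.exe",
    "ctfmon.exe", "alg.exe", "wdfmgr.exe", "wmiprvse.exe", "wuauclt.exe", "notepad.exe",
}
# Digits that read as letters in a proportional font: iexp1ore.exe -> iexplore.exe.
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.I)
WINDIR_ROOT = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+$", re.I)
TEMP_DIRS = re.compile(r"\\local settings\\temp\\|\\windows\\temp\\|\\downloaded program files\\", re.I)
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")


@dataclass
class Finding:
    line: str
    reason: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].strip('"').lower()


def lookalike(name: str) -> Optional[str]:
    """Return the known-good name that `name` imitates, or None if it is not a lookalike."""
    name = name.lower()
    if name in KNOWN_GOOD:
        return None
    folded = name.translate(CONFUSABLE)
    if folded in KNOWN_GOOD:
        return folded
    for good in KNOWN_GOOD:  # one substituted character at the same length, e.g. iexplorr.exe
        if len(good) == len(name) and sum(a != b for a, b in zip(good, name)) == 1:
            return good
    return None


def drop_location(path: str) -> Optional[str]:
    """Flag binaries sitting where legitimate autostarts almost never live."""
    if WINDIR_ROOT.match(path) and basename(path) not in KNOWN_GOOD:
        return "binary in the root of %windir%"
    if TEMP_DIRS.search(path):
        return "binary in a temp or download directory"
    return None


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if ENTRY_RE.match(line):  # first "R0 - ", "O4 - " ... line ends the process list
            in_procs = False
        if in_procs:
            good = lookalike(basename(line))
            if good:
                findings.append(Finding(line, f"process name imitates {good}"))
            where = drop_location(line)
            if where:
                findings.append(Finding(line, where))
            continue
        if not ENTRY_RE.match(line):
            continue
        if "(file missing)" in line or "(no file)" in line:
            findings.append(Finding(line, "orphaned entry: referenced file is missing"))
        if line.startswith("O10 - Unknown file in Winsock LSP"):
            findings.append(Finding(line, "unrecognised Winsock LSP (sits in the path of all socket traffic)"))
        if line.startswith("F3 - REG:win.ini: load="):
            findings.append(Finding(line, "win.ini load= autostart, a legacy persistence point"))
        m = PATH_RE.search(line)
        where = drop_location(m.group(0)) if m else None
        if where:
            findings.append(Finding(line, f"autostart/service {where}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:60} {f.line}")
```

A hit is a lead to verify, not a verdict: legitimate software does occasionally run from these locations, and an orphaned "(file missing)" entry can be leftover from an uninstall as easily as from a scanner deleting half of an infection. The value of the pass is that it surfaces the iexp1ore.exe line, which survived three cleaning runs in this thread unnoticed because it reads as iexplore.exe at a glance.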




rridgely
Nothing seems to be removing the worms on the computer.
Let's try one more antivirus scan and then we'll take another approach.

Run TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read the terms and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
  • Reboot the PC

This scan can be run with Firefox, so keep that in mind.
Post a new hijackthis log.