My Hijackthis Log .. Please Help



Brief description of IE problem:

I get a lot of "page not display" problems. It says to click on "detect network setting" but it does absolutely nothing.

Here's one site I go to that gives me problems. After trying to download from its page it cancels, and in the address window it has "http://smiley.smileycentral.com/download/verisign_cancelled.jhtml". Why is verisign cancelling or blocking a page that is marked as "trusted"?

Also, upon shutting down, the last thing to end is "shellconhiddenwindow". What is that? I can't even locate it with a search command. Please help.

This is what I got when I ran hijackthis.exe:

Logfile of HijackThis v1.99.1

Scan saved at 3:20:57 PM, on 3/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\VVSN\VVSN.exe

C:\Program Files\webHancer\Programs\whAgent.exe

C:\WINDOWS\wdskctl.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\SOFTWA~1\soproc.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Shawn Ryan\Local Settings\Temporary Internet Files\Content.IE5\QM75UKZF\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\wyyirr.exe reg_run

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite Revolution\kpp.exe" "C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"

O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sOProc_SoRefRegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

O15 - Trusted Zone: http://ak.imgfarm.com

O15 - Trusted Zone: http://gallery.myfuncards.com

O15 - Trusted Zone: http://www.rselby.net

O15 - Trusted Zone: http://help.smileycentral.com

O15 - Trusted Zone: http://smiley.smileycentral.com

O15 - Trusted Zone: http://www.smiley.smileycentral.com

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/279/installer.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/ezg-toolbar.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139440267890

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


Hi illmatic rob! Welcome to Besttechie! I will be assisting you in cleaning up your computer! :)

Please print out these directions and all directions I give you for use if/when you cannot access this page.

One thing I need you to do first is to place HiJackThis into a permanent folder. The reason for this is so that when HJT makes backups, they will be stored in a safe place.

* Go to Start > My Computer > and double click on C:.

* Now right click an open area and click New > folder and change the folder name to HJT.

* Extract HijackThis from the zipped file into this new folder.

First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

Once New.Net has been removed, post a new HJT log, and we will continue with the fix! :thumbsup:

Matt


Thanks Matt,

I followed your steps and downloaded "LSPFix.exe" into a folder. I found a new.net domain and removed it and then rebooted. I'm still having trouble with some pages that are blank, pages not able to display, and some that don't finish loading. I'm pretty sure that when I shut down to reboot the "shellconhiddenwindow" was gone, but IE is still a problem, not loading some website pages.

Here is my latest hijackthis log:

Logfile of HijackThis v1.99.1

Scan saved at 11:25:44 PM, on 3/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp

C:\Program Files\VVSN\VVSN.exe

C:\Program Files\webHancer\Programs\whAgent.exe

C:\WINDOWS\wdskctl.exe

C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\PROGRA~1\SOFTWA~1\soproc.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\wyyirr.exe reg_run

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite Revolution\kpp.exe" "C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"

O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sOProc_SoRefRegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

O15 - Trusted Zone: http://ak.imgfarm.com

O15 - Trusted Zone: http://gallery.myfuncards.com

O15 - Trusted Zone: http://www.rselby.net

O15 - Trusted Zone: http://help.smileycentral.com

O15 - Trusted Zone: http://smiley.smileycentral.com

O15 - Trusted Zone: http://www.smiley.smileycentral.com

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/279/installer.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/ezg-toolbar.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139440267890

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

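Comparing the two HijackThis logs posted so far shows what the New.Net uninstall actually changed. The following is an added example, not part of the original posts: a small Python parser that diffs the logs by section code, using excerpts of both logs as embedded sample input (function names are hypothetical).

```python
import re
from collections import Counter

# Excerpts copied from the two HijackThis logs in this thread (sample input,
# trimmed to the New.Net / WebHancer related entries).
BEFORE = r"""
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
"""

AFTER = r"""
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
"""

# A HijackThis entry line is "<section code> - <detail>", e.g. "O10 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
O10_PREFIX = "Hijacked Internet access by "


def parse_entries(log_text):
    """Count (section, detail) pairs; counts matter because O10 lines repeat."""
    entries = Counter()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[(match.group(1), match.group(2))] += 1
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry counters between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    return b - a, a - b  # Counter subtraction keeps only positive counts


def lsp_owners(log_text):
    """Tally O10 (Winsock LSP) entries by the product named on the line."""
    owners = Counter()
    for (section, detail), count in parse_entries(log_text).items():
        if section == "O10" and detail.startswith(O10_PREFIX):
            owners[detail[len(O10_PREFIX):]] += count
    return owners


def orphaned(log_text):
    """Entries whose registry key remains but whose file is gone."""
    return sorted(
        f"{section} - {detail}"
        for (section, detail) in parse_entries(log_text)
        if detail.endswith("(no file)") or detail.endswith("(file missing)")
    )


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for (section, detail), count in sorted(removed.items()):
        print(f"removed x{count}: {section} - {detail}")
    print("new entries:", dict(added))
    print("LSP owners still present:", dict(lsp_owners(AFTER)))
    print("orphaned:", orphaned(AFTER))
```

On these excerpts the diff shows the New.Net BHO, its Run key and all of its O10 entries gone, while WebHancer still holds three O10 entries and the RXResultTracker BHO remains as a fileless leftover.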

Welcome back! You've got quite a mess there, but we got rid of the most dangerous part first. To deal with the amount of infections you have, and how serious they are, we're going to run a scan.

Please print out these directions for use in Safe Mode.

Please download ewido anti-malware; it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido; there should be an icon on your desktop. Double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed (the status bar at the bottom will display "Update successful").

If you are having problems with the updater, you can use this link to manually update ewido.

ewido manual updates

Once the updates are installed do the following:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Post back with the Ewido Report and a new HJT log.


OK .. I ran the Ewido anti-malware program as suggested. Here is the report:

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 11:03:17 AM, 3/12/2006

+ Report-Checksum: 6ED95B0F

+ Scan result:

HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Error during cleaning

HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Error during cleaning

HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Error during cleaning

HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Error during cleaning

HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\webHancer\ESO -> Adware.WebHancer : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\dsktb -> Adware.IEPlugin : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FE29DE6-B70C-498B-80BF-CFEB9540F747} -> Adware.EZ-Greets : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78B99003-748F-4167-A5AD-634E4278AF6D} -> Adware.EZ-Greets : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@com[2].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@need2find[1].txt -> TrackingCookie.Need2find : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup

C:\Documents and Settings\Evie\Local Settings\Temp\Del11A.tmp -> Adware.180Solutions : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@7search[2].txt -> TrackingCookie.7search : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@com[2].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@need2find[1].txt -> TrackingCookie.Need2find : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup

:mozilla.9:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.10:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.11:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@com[2].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup

:mozilla.19:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.20:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.30:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.31:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.32:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.33:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.36:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\Cache\C8D542DDd01 -> Adware.180Solutions : Cleaned with backup

:mozilla.9:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.10:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.11:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.12:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.13:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.14:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.15:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.17:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

:mozilla.65:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup

:mozilla.69:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup

:mozilla.70:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup

:mozilla.85:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.105:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.111:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.112:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.113:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.114:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.119:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.122:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup

:mozilla.128:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.130:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup

:mozilla.135:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup

:mozilla.138:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.139:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.140:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.141:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Clickhype : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@com[1].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Directnetadvertising : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Desktop\ZangoMessenger.exe -> Adware.180Solutions : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\f2408203.exe -> Downloader.Qoologic.at : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\ICD2.tmp\ezg-package.exe -> Adware.Sidesearch : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\MGW_SH.exe -> Adware.WinAD : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm26042.exe -> Downloader.Qoologic.ax : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm3662.exe -> Downloader.Qoologic.ax : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\wh.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temporary Internet Files\Content.IE5\G1URWDUR\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\My Documents\My Music\Divx Bundle +XViD.exe -> Worm.SdDrop.e : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\My Documents\My Music\DivX edit (new).exe -> Worm.SdDrop.d : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\My Documents\My Pictures\myemoticons\Display Images\myemoticons\temperkid.zip/winkjap1123.exe -> Downloader.VB.oc : Cleaned with backup

C:\Program Files\filesubmit\dmpotc201.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup

C:\Program Files\INSTAFINK -> Adware.404Search : Cleaned with backup

C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : Cleaned with backup

C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : Cleaned with backup

C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned with backup

C:\Program Files\RXToolBar\Semantic Insight -> Adware.RXToolbar : Cleaned with backup

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Keytmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat -> Adware.RXToolbar : Cleaned with backup

C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup

C:\Program Files\TBONBin\TBONWnd.EXE -> Adware.BetterInternet : Cleaned with backup

C:\Program Files\webHancer\Programs\whSurvey.exe -> Adware.WebHancer : Cleaned with backup

C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\supreme.dll -> Adware.MegaSearch : Cleaned with backup

C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup

C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup

C:\WINDOWS\system32\fkksddc.exe -> Trojan.Pakes : Cleaned with backup

C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup

C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Adware.P2PNetworking : Cleaned with backup

C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : Cleaned with backup

C:\WINDOWS\system32\pqqab.dat -> Downloader.Qoologic.at : Cleaned with backup

C:\WINDOWS\system32\vgactl.cpl -> Downloader.Qoologic.at : Cleaned with backup

C:\WINDOWS\system32\winks.exe -> Adware.WinAD : Cleaned with backup

C:\WINDOWS\system32\wyyirr.exe -> Downloader.Qoologic.at : Cleaned with backup

C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\unist2.exe -> Adware.ShopNav : Cleaned with backup

C:\WINDOWS\whInstaller.exe -> Adware.WebHancer : Cleaned with backup

::Report End

Welcome back! You've got quite a mess there, but we got rid of the most dangerous part first. To deal with the amount of infections you have, and how serious they are, we're going to run a scan.

Please print out these directions for use in Safe Mode.

Please download ewido anti-malware; it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.

(The status bar at the bottom will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido.

ewido manual updates

Once the updates are installed do the following:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Post back with the Ewido Report and a new HJT log.


here is my latest hijackthis log after ewido anti-malware scan :

Logfile of HijackThis v1.99.1

Scan saved at 11:10:39 AM, on 3/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe

C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\wdskctl.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\PROGRA~1\SOFTWA~1\soproc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll (file missing)

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll (file missing)

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite Revolution\kpp.exe" "C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sOProc_SoRefRegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

O15 - Trusted Zone: http://ak.imgfarm.com

O15 - Trusted Zone: http://gallery.myfuncards.com

O15 - Trusted Zone: http://www.rselby.net

O15 - Trusted Zone: http://help.smileycentral.com

O15 - Trusted Zone: http://smiley.smileycentral.com

O15 - Trusted Zone: http://www.smiley.smileycentral.com

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/279/installer.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/ezg-toolbar.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139440267890

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

OK .. I ran the Ewido anti-malware program as suggested. Here is the report:

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 11:03:17 AM, 3/12/2006

+ Report-Checksum: 6ED95B0F

+ Scan result:

HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Error during cleaning

HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Error during cleaning

HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Error during cleaning

HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Error during cleaning

HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\webHancer\ESO -> Adware.WebHancer : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\dsktb -> Adware.IEPlugin : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FE29DE6-B70C-498B-80BF-CFEB9540F747} -> Adware.EZ-Greets : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78B99003-748F-4167-A5AD-634E4278AF6D} -> Adware.EZ-Greets : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@com[2].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@need2find[1].txt -> TrackingCookie.Need2find : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup

C:\Documents and Settings\Evie\Local Settings\Temp\Del11A.tmp -> Adware.180Solutions : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@7search[2].txt -> TrackingCookie.7search : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@com[2].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@need2find[1].txt -> TrackingCookie.Need2find : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup

:mozilla.9:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.10:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.11:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@com[2].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup

:mozilla.19:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.20:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.30:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.31:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.32:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.33:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.36:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\Cache\C8D542DDd01 -> Adware.180Solutions : Cleaned with backup

:mozilla.9:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.10:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.11:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.12:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.13:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.14:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.15:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.17:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

:mozilla.65:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup

:mozilla.69:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup

:mozilla.70:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup

:mozilla.85:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.105:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.111:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.112:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.113:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.114:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.119:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.122:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup

:mozilla.128:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.130:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup

:mozilla.135:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup

:mozilla.138:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.139:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.140:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.141:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Clickhype : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@com[1].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Directnetadvertising : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Desktop\ZangoMessenger.exe -> Adware.180Solutions : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\f2408203.exe -> Downloader.Qoologic.at : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\ICD2.tmp\ezg-package.exe -> Adware.Sidesearch : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\MGW_SH.exe -> Adware.WinAD : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm26042.exe -> Downloader.Qoologic.ax : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm3662.exe -> Downloader.Qoologic.ax : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\wh.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temporary Internet Files\Content.IE5\G1URWDUR\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\My Documents\My Music\Divx Bundle +XViD.exe -> Worm.SdDrop.e : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\My Documents\My Music\DivX edit (new).exe -> Worm.SdDrop.d : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\My Documents\My Pictures\myemoticons\Display Images\myemoticons\temperkid.zip/winkjap1123.exe -> Downloader.VB.oc : Cleaned with backup

C:\Program Files\filesubmit\dmpotc201.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup

C:\Program Files\INSTAFINK -> Adware.404Search : Cleaned with backup

C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : Cleaned with backup

C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : Cleaned with backup

C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned with backup

C:\Program Files\RXToolBar\Semantic Insight -> Adware.RXToolbar : Cleaned with backup

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Keytmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat -> Adware.RXToolbar : Cleaned with backup

C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup

C:\Program Files\TBONBin\TBONWnd.EXE -> Adware.BetterInternet : Cleaned with backup

C:\Program Files\webHancer\Programs\whSurvey.exe -> Adware.WebHancer : Cleaned with backup

C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\supreme.dll -> Adware.MegaSearch : Cleaned with backup

C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup

C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup

C:\WINDOWS\system32\fkksddc.exe -> Trojan.Pakes : Cleaned with backup

C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup

C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Adware.P2PNetworking : Cleaned with backup

C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : Cleaned with backup

C:\WINDOWS\system32\pqqab.dat -> Downloader.Qoologic.at : Cleaned with backup

C:\WINDOWS\system32\vgactl.cpl -> Downloader.Qoologic.at : Cleaned with backup

C:\WINDOWS\system32\winks.exe -> Adware.WinAD : Cleaned with backup

C:\WINDOWS\system32\wyyirr.exe -> Downloader.Qoologic.at : Cleaned with backup

C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\unist2.exe -> Adware.ShopNav : Cleaned with backup

C:\WINDOWS\whInstaller.exe -> Adware.WebHancer : Cleaned with backup

::Report End

Welcome back! You've got quite a mess there, but we got rid of the most dangerous part first. To deal with the amount of infections you have, and how serious they are, we're going to run a scan.

Please print out these directions for use in Safe Mode.

Please download ewido anti-malware; it is a free version of the program.

  1. Install ewido anti-malware.
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido; there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido.

ewido manual updates

Once the updates are installed do the following:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Post back with the Ewido Report and a new HJT log.


Now what do I do after running both HijackThis and ewido anti-malware? My IE problem still exists.

Here is my latest HijackThis log after the ewido anti-malware scan:

Logfile of HijackThis v1.99.1

Scan saved at 11:10:39 AM, on 3/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe

C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\wdskctl.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\PROGRA~1\SOFTWA~1\soproc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll (file missing)

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll (file missing)

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite Revolution\kpp.exe" "C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sOProc_SoRefRegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

O15 - Trusted Zone: http://ak.imgfarm.com

O15 - Trusted Zone: http://gallery.myfuncards.com

O15 - Trusted Zone: http://www.rselby.net

O15 - Trusted Zone: http://help.smileycentral.com

O15 - Trusted Zone: http://smiley.smileycentral.com

O15 - Trusted Zone: http://www.smiley.smileycentral.com

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/279/installer.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/ezg-toolbar.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139440267890

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

OK .. I ran the ewido anti-malware program as suggested. Here is the report:

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 11:03:17 AM, 3/12/2006

+ Report-Checksum: 6ED95B0F

+ Scan result:

HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Error during cleaning

HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Error during cleaning

HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Error during cleaning

HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Error during cleaning

HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup

HKLM\SOFTWARE\webHancer\ESO -> Adware.WebHancer : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\dsktb -> Adware.IEPlugin : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FE29DE6-B70C-498B-80BF-CFEB9540F747} -> Adware.EZ-Greets : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78B99003-748F-4167-A5AD-634E4278AF6D} -> Adware.EZ-Greets : Cleaned with backup

HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@com[2].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@need2find[1].txt -> TrackingCookie.Need2find : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup

C:\Documents and Settings\Evie\Cookies\evie@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup

C:\Documents and Settings\Evie\Local Settings\Temp\Del11A.tmp -> Adware.180Solutions : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@7search[2].txt -> TrackingCookie.7search : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@com[2].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@need2find[1].txt -> TrackingCookie.Need2find : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\isaac@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup

:mozilla.9:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.10:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.11:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@com[2].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup

C:\Documents and Settings\Nina\Cookies\nina@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup

:mozilla.19:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.20:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.30:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.31:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.32:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.33:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.36:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\Cache\C8D542DDd01 -> Adware.180Solutions : Cleaned with backup

:mozilla.9:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.10:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.11:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.12:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.13:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.14:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.15:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.17:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

:mozilla.65:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup

:mozilla.69:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup

:mozilla.70:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup

:mozilla.85:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.105:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.111:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.112:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.113:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.114:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.119:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.122:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup

:mozilla.128:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.130:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup

:mozilla.135:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup

:mozilla.138:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.139:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.140:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.141:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Clickhype : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@com[1].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Directnetadvertising : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Desktop\ZangoMessenger.exe -> Adware.180Solutions : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\f2408203.exe -> Downloader.Qoologic.at : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\ICD2.tmp\ezg-package.exe -> Adware.Sidesearch : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\MGW_SH.exe -> Adware.WinAD : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm26042.exe -> Downloader.Qoologic.ax : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm3662.exe -> Downloader.Qoologic.ax : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\wh.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\Local Settings\Temporary Internet Files\Content.IE5\G1URWDUR\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\My Documents\My Music\Divx Bundle +XViD.exe -> Worm.SdDrop.e : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\My Documents\My Music\DivX edit (new).exe -> Worm.SdDrop.d : Cleaned with backup

C:\Documents and Settings\Shawn Ryan\My Documents\My Pictures\myemoticons\Display Images\myemoticons\temperkid.zip/winkjap1123.exe -> Downloader.VB.oc : Cleaned with backup

C:\Program Files\filesubmit\dmpotc201.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup

C:\Program Files\INSTAFINK -> Adware.404Search : Cleaned with backup

C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : Cleaned with backup

C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : Cleaned with backup

C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned with backup

C:\Program Files\RXToolBar\Semantic Insight -> Adware.RXToolbar : Cleaned with backup

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Keytmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dattmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning

C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat -> Adware.RXToolbar : Cleaned with backup

C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup

C:\Program Files\TBONBin\TBONWnd.EXE -> Adware.BetterInternet : Cleaned with backup

C:\Program Files\webHancer\Programs\whSurvey.exe -> Adware.WebHancer : Cleaned with backup

C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup

C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\supreme.dll -> Adware.MegaSearch : Cleaned with backup

C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup

C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup

C:\WINDOWS\system32\fkksddc.exe -> Trojan.Pakes : Cleaned with backup

C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup

C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Adware.P2PNetworking : Cleaned with backup

C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : Cleaned with backup

C:\WINDOWS\system32\pqqab.dat -> Downloader.Qoologic.at : Cleaned with backup

C:\WINDOWS\system32\vgactl.cpl -> Downloader.Qoologic.at : Cleaned with backup

C:\WINDOWS\system32\winks.exe -> Adware.WinAD : Cleaned with backup

C:\WINDOWS\system32\wyyirr.exe -> Downloader.Qoologic.at : Cleaned with backup

C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup

C:\WINDOWS\unist2.exe -> Adware.ShopNav : Cleaned with backup

C:\WINDOWS\whInstaller.exe -> Adware.WebHancer : Cleaned with backup

::Report End

Welcome back! You've got quite a mess there, but we got rid of the most dangerous part first. To deal with the amount of infections you have, and how serious they are, we're going to run a scan.

Please print out these directions for use in Safe Mode

Please download ewido anti-malware it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu

  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
     (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.

ewido manual updates

Once the updates are installed do the following:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Post back with the Ewido Report and a new HJT log.


Welcome back! That Ewido scan helped a lot!

Scan with HJT and place a check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com

O2 - BHO: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll (file missing)

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)

O3 - Toolbar: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll (file missing)

O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

O4 - HKCU\..\Run: [sOProc_SoRefRegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/279/installer.exe

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab

O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/ezg-toolbar.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Once in safe mode, find and delete the following files:

C:\WINDOWS\wdskctl.exe

C:\PROGRA~1\SOFTWA~1\soproc.exe

And delete the following folders:

C:\Program Files\RXToolBar\

C:\Program Files\VVSN\

Then, reboot your computer normally.

Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

Next, Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Then, Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a new HJT log.

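A check that goes with the fix list in the post above, as an added example (not part of the original posts and not HijackThis's own code): it parses HijackThis entries, flags the orphaned ones marked "(file missing)" or "(no file)", and confirms from a follow-up log that none of the fixed entries or their CLSIDs are still registered. The function names are hypothetical; the sample lines are copied from this thread except the two marked as constructed.

```python
import re

# HijackThis entries look like "<code> - <detail>", e.g. "O2 - BHO: ... - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis prints when the registry entry points at nothing on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        detail = m.group("detail")
        clsid = CLSID_RE.search(detail)
        entries.append({
            "code": m.group("code"),
            "detail": detail,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": detail.rstrip().endswith(ORPHAN_MARKERS),
        })
    return entries


def entry_key(entry):
    """Comparison key: ignore case, spacing and a trailing orphan marker."""
    detail = entry["detail"].rstrip()
    for marker in ORPHAN_MARKERS:
        if detail.endswith(marker):
            detail = detail[: -len(marker)]
    return entry["code"], " ".join(detail.split()).casefold()


def still_present(fix_list_text, new_log_text):
    """Entries from the fix list that the follow-up log still contains."""
    new_keys = {entry_key(e) for e in parse_entries(new_log_text)}
    return [e for e in parse_entries(fix_list_text) if entry_key(e) in new_keys]


def clsids_still_registered(fix_list_text, new_log_text):
    """CLSIDs from the fix list that still appear anywhere in the follow-up log.

    Whole CLSIDs are compared: two different objects can share a leading
    group, as the two toolbar CLSIDs in the sample data below do.
    """
    wanted = {e["clsid"] for e in parse_entries(fix_list_text) if e["clsid"]}
    seen = {e["clsid"] for e in parse_entries(new_log_text) if e["clsid"]}
    return sorted(wanted & seen)


# Lines copied from the fix list in this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com
O2 - BHO: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll (file missing)
O3 - Toolbar: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll (file missing)
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""

# Lines copied from the follow-up log posted later in this thread.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# CONSTRUCTED for this example: the same log with two fixed entries left behind,
# one without its orphan marker and one with a lower-cased path.
LEFTOVER_LOG = NEW_LOG + r"""
O2 - BHO: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll
O4 - HKLM\..\Run: [wdskctl] c:\windows\wdskctl.exe
"""

if __name__ == "__main__":
    orphans = [e for e in parse_entries(FIX_LIST) if e["orphaned"]]
    print(f"{len(orphans)} orphaned entries in the fix list")
    for name, log in (("follow-up log", NEW_LOG), ("constructed log", LEFTOVER_LOG)):
        left = still_present(FIX_LIST, log)
        print(f"{name}: {len(left)} fixed entries still present")
        for e in left:
            print(f"  {e['code']} - {e['detail']}")
        print(f"  CLSIDs still registered: {clsids_still_registered(FIX_LIST, log)}")
```
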

Okay .. I downloaded everything and ran all the utilities. When I tried to erase these programs you mentioned I had problems with:

C:\PROGRA~1\SOFTWA~1\soproc.exe ( I couldn't locate . In safe mode I could do a search for it and I wasn't sure where to look. )

And delete the following folders:

C:\Program Files\RXToolBar\ ( This program even after I found I could not get rid of. )

C:\Program Files\VVSN\ ( this one was erased )

I still get the "shellconhiddenwindow" .. it's the very last program that shuts down when I turn off my laptop.

Also, now my laptop is running a little slower.

please advise.

thank you very much


My latest HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 6:38:30 PM, on 3/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe

C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite Revolution\kpp.exe" "C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

O15 - Trusted Zone: http://ak.imgfarm.com

O15 - Trusted Zone: http://gallery.myfuncards.com

O15 - Trusted Zone: http://www.rselby.net

O15 - Trusted Zone: http://help.smileycentral.com

O15 - Trusted Zone: http://smiley.smileycentral.com

O15 - Trusted Zone: http://www.smiley.smileycentral.com

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139440267890

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

illmatic rob, please post the active scan report and a new HJT log for me.

illmatic rob, did you run panda active scan from my previous directions?

Then, Please go HERE to run Panda's ActiveScan

* Once you are on the Panda site click the Scan your PC button

* A new window will open...click the Check Now button

* Enter your Country

* Enter your State/Province

* Enter your e-mail address and click send

* Select either Home User or Company

* Click the big Scan Now button

* If it wants to install an ActiveX component allow it

* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

* When download is complete, click on My Computer to start the scan

* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a new HJT log.

If so, please post the report it generated. If not, please do so as directed before.

Also, did you follow the steps for DelDomains?

Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

If not, please do that also.

So, please post the Panda report and a new HJT log after all these steps have been taken.


here's the panda report from scan :

Panda Titanium 2006 Antivirus + Antispyware incident report

EVENT DATE RESULTS ADDITIONAL INFORMATION

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Packets with incorrect SYN, ACK and FIN combinations 03/12/06 21:23:29 Blocked Source IP address: 219.95.216.196

Packets with incorrect SYN, ACK and FIN combinations 03/12/06 20:14:14 Blocked Source IP address: 219.95.216.196

Spyware detected: Cookie/Searchportal 03/12/06 18:13:26 Eliminated Location: C:\Documents and Settings\Nina\Cookies\[email protected][2].txt

Spyware detected: Cookie/RealMedia 03/12/06 18:13:26 Eliminated Location: C:\Documents and Settings\Nina\Cookies\nina@realmedia[2].txt

Spyware detected: Cookie/did-it 03/12/06 18:13:26 Eliminated Location: C:\Documents and Settings\Nina\Cookies\nina@did-it[1].txt

Spyware detected: Cookie/WebPower 03/12/06 18:13:26 Eliminated Location: C:\Documents and Settings\Nina\Cookies\nina@webpower[1].txt

Spyware detected: Cookie/Adrevolver 03/12/06 18:13:25 Eliminated Location: C:\Documents and Settings\Nina\Cookies\nina@adrevolver[1].txt

Spyware detected: Cookie/Banner 03/12/06 18:13:25 Eliminated Location: C:\Documents and Settings\Nina\Cookies\nina@banner[1].txt

Spyware detected: Cookie/Hbmediapro 03/12/06 18:13:25 Eliminated Location: C:\Documents and Settings\Nina\Cookies\[email protected][1].txt

Spyware detected: Cookie/Apmebf 03/12/06 18:13:25 Eliminated Location: C:\Documents and Settings\Nina\Cookies\nina@apmebf[2].txt

Spyware detected: Cookie/RealMedia 03/12/06 18:11:08 Eliminated Location: C:\Documents and Settings\Isaac\Cookies\isaac@realmedia[2].txt

Spyware detected: Cookie/OfferOptimizer 03/12/06 18:11:08 Eliminated Location: C:\Documents and Settings\Isaac\Cookies\isaac@offeroptimizer[1].txt

Spyware detected: Cookie/Kazaa Networks 03/12/06 18:11:07 Eliminated Location: C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt

Spyware detected: Cookie/Screensavers 03/12/06 18:11:07 Eliminated Location: C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt

Spyware detected: Cookie/Cgi-bin 03/12/06 18:11:06 Eliminated Location: C:\Documents and Settings\Isaac\Cookies\isaac@cgi-bin[1].txt

Spyware detected: Cookie/Btgrab 03/12/06 18:11:06 Eliminated Location: C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt

Spyware detected: Cookie/Adrevolver 03/12/06 18:11:05 Eliminated Location: C:\Documents and Settings\Isaac\Cookies\isaac@adrevolver[2].txt

Spyware detected: Cookie/Azjmp 03/12/06 18:11:05 Eliminated Location: C:\Documents and Settings\Isaac\Cookies\isaac@azjmp[1].txt

Spyware detected: Cookie/Hbmediapro 03/12/06 18:11:05 Eliminated Location: C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt

Unrequested ICMP Echo reply 03/12/06 18:08:55 Blocked Source IP address: 192.168.1.1

Spyware detected: Cookie/WebPower 03/12/06 18:07:50 Eliminated Location: C:\Documents and Settings\Evie\Cookies\evie@webpower[2].txt

Spyware detected: Cookie/RealMedia 03/12/06 18:07:49 Eliminated Location: C:\Documents and Settings\Evie\Cookies\evie@realmedia[1].txt

Spyware detected: Cookie/OfferOptimizer 03/12/06 18:07:48 Eliminated Location: C:\Documents and Settings\Evie\Cookies\evie@offeroptimizer[2].txt

Spyware detected: Cookie/Netster 03/12/06 18:07:47 Eliminated Location: C:\Documents and Settings\Evie\Cookies\[email protected][1].txt

Spyware detected: Cookie/Netster 03/12/06 18:07:47 Eliminated Location: C:\Documents and Settings\Evie\Cookies\[email protected][1].txt

Spyware detected: Cookie/Maxserving 03/12/06 18:07:47 Eliminated Location: C:\Documents and Settings\Evie\Cookies\evie@maxserving[1].txt

Spyware detected: Cookie/Belnk 03/12/06 18:07:46 Eliminated Location: C:\Documents and Settings\Evie\Cookies\[email protected][1].txt

Spyware detected: Cookie/Screensavers 03/12/06 18:07:46 Eliminated Location: C:\Documents and Settings\Evie\Cookies\[email protected][1].txt

Spyware detected: Cookie/Belnk 03/12/06 18:07:45 Eliminated Location: C:\Documents and Settings\Evie\Cookies\evie@belnk[1].txt

Spyware detected: Cookie/Btgrab 03/12/06 18:07:45 Eliminated Location: C:\Documents and Settings\Evie\Cookies\[email protected][2].txt

Spyware detected: Cookie/bravenetA 03/12/06 18:07:45 Eliminated Location: C:\Documents and Settings\Evie\Cookies\evie@bravenet[2].txt

Spyware detected: Cookie/Adrevolver 03/12/06 18:07:44 Eliminated Location: C:\Documents and Settings\Evie\Cookies\evie@adrevolver[2].txt

Spyware detected: Cookie/Belnk 03/12/06 18:07:44 Eliminated Location: C:\Documents and Settings\Evie\Cookies\[email protected][2].txt

Spyware detected: Cookie/Azjmp 03/12/06 18:07:44 Eliminated Location: C:\Documents and Settings\Evie\Cookies\evie@azjmp[2].txt

Spyware detected: Cookie/Banner 03/12/06 18:07:44 Eliminated Location: C:\Documents and Settings\Evie\Cookies\evie@banner[1].txt

Tracking program detected 03/12/06 18:05:56 Eliminated Location: HKEY_LOCAL_MACHINE\S...\FUN WEB PRODUCTS

Scan started 03/12/06 18:04:28 Scan: All My Computer

Packets with incorrect SYN, ACK and FIN combinations 03/12/06 17:55:20 Blocked Source IP address: 219.95.216.196

Connection attempt 03/12/06 17:43:01 Blocked Application: C:\WINDOWS\system32\svchost.exe

Adware detected: adware/ncase 03/12/06 14:42:09 Eliminated Location: HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}

Adware detected: adware/looksmart 03/12/06 14:41:55 Eliminated Location: HKEY_CLASSES_ROOT\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}

Adware detected: adware/upspiralbar 03/12/06 14:41:47 Eliminated Location: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D}

Spyware detected: spyware/altnet 03/12/06 14:41:25 Eliminated Location: HKEY_CLASSES_ROOT\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}

Adware detected: adware/clkoptimizer 03/12/06 14:41:24 Eliminated Location: HKEY_CLASSES_ROOT\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}

Tracking program detected 03/12/06 14:41:23 Notified Location: HKEY_LOCAL_MACHINE\SOFTWARE\FUN WEB PRODUCTS

Tracking program detected 03/12/06 14:41:15 Notified Location: HKEY_LOCAL_MACHINE\SOFTWARE\FOCUSINTERACTIVE

Adware detected: adware/wupd 03/12/06 14:40:39 Eliminated Location: HKEY_CLASSES_ROOT\MEDIAGATEWAY.INSTALLER

Spyware detected: spyware/rxtoolbar 03/12/06 14:40:35 Eliminated Location: C:\PROGRAM FILES\RXToolBar

Adware detected: adware/qoologic 03/12/06 14:40:35 Eliminated Location: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WEBNEXUS

Tracking program detected 03/12/06 14:40:34 Eliminated Location: C:\PROGRAM FILES\Need2Find

Adware detected: adware/webhancer 03/12/06 14:40:12 Eliminated Location: C:\WINDOWS\whAgent.inf

Spyware detected: application/bestoffer 03/12/06 14:40:09 Eliminated Location: C:\WINDOWS\smdat32a.sys

Tracking program detected 03/12/06 14:40:08 Notified Location: C:\Documents and Settings\Shawn Ryan\Desktop\Registry Cleaner.lnk

Tracking program detected 03/12/06 14:40:01 Blocked Location: c:\windows\downloaded program files\clientax.dll

Tracking program detected 03/12/06 14:39:41 Notified Location: C:\WINDOWS\DOWNLOADED PROGRAM FILES\ClientAX.dll

Adware detected: adware/p2pnetworking 03/12/06 14:39:20 Eliminated Location: C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\p2psetup.exe

Update 03/12/06 14:34:13 OK New virus signatures: 2419

Packets with incorrect SYN, ACK and FIN combinations 03/12/06 14:22:54 Blocked Source IP address: 219.95.216.196

panda_report___1.txt


Did you by any chance download Panda's anti-virus software, or did you run the online scan?

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

  • Save it to your desktop.

  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\whAgent.inf

    C:\WINDOWS\smdat32a.sys

    C:\Documents and Settings\Shawn Ryan\Desktop\Registry Cleaner.lnk

    c:\windows\downloaded program files\clientax.dll

    C:\WINDOWS\DOWNLOADED PROGRAM FILES\ClientAX.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:

    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.

  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied, and a new HJT log into your next reply.


Sorry illmatic rob, I edited my post on where to download the application. And you can keep Panda AV, but DO NOT have two antiviruses running. If you keep Panda, get rid of your current antivirus program. However, you do not have to keep Panda.


no problem .. then follow instructions you gave me right ? I'll do that and probably get back to you on the results tomorrow. It's getting late for me.

Thanks for all your help. I hope to resolve this mess soon :thumbsup:

Refer to post 14. I added in where to download it from.

Sorry for the confusion.


hey, i'm back for a few before i turn in .. i ran the killbox.exe and copy and paste. now what ? Here's my latest HJT log after executing killbox.exe :

Logfile of HijackThis v1.99.1

Scan saved at 12:46:35 AM, on 3/13/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite Revolution\kpp.exe" "C:\Program Files\Kazaa Lite Revolution\kazaalite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

O15 - Trusted Zone: http://ak.imgfarm.com

O15 - Trusted Zone: http://gallery.myfuncards.com

O15 - Trusted Zone: http://www.rselby.net

O15 - Trusted Zone: http://help.smileycentral.com

O15 - Trusted Zone: http://smiley.smileycentral.com

O15 - Trusted Zone: http://www.smiley.smileycentral.com

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139440267890

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

Yep, just follow everything in post 14. Good luck! :thumbsup:

Matt

hijackthis_file__5.txt


hey i did .. i ran both and followed post #14 . I posted both logs. See anything ?

ok .. i used the webroot spysweeper as requested. I'm submitting logs from webroot scan and HJT. See attachment

please advise.

thanks


okay .. what now ? I'm still getting this :

The page cannot be displayed

The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.

and shutting down shellconhiddenwindow is always the last thing to shut down before powering off .

I've done all that you mentioned in post #14 ..

This topic is now closed to further replies.