illmatic rob Posted March 11, 2006

Brief description of IE problem: I get a lot of "page not display" problems. It says to click on "detect network setting" but it does absolutely nothing. Here's one site I go to that gives me problems. After trying to download from its page, it cancels, and in the address window it has "http://smiley.smileycentral.com/download/verisign_cancelled.jhtml". Why is VeriSign cancelling or blocking a page that is marked as "trusted"?

Also, upon shutting down, the last thing to end is "shellconhiddenwindow". What is that? I can't even locate it with a search command. Please help.

This is what I got when I ran hijackthis.exe:
Matt Posted March 11, 2006

Hi illmatic rob! Welcome to Besttechie! I will be assisting you in cleaning up your computer! Please print out these directions and all directions I give you for use if/when you cannot access this page.

One thing I need you to do first is to place HiJackThis into a permanent folder. The reason for this is so that when HJT makes backups, they will be stored in a safe place.

* Go to Start > My Computer > and double click on C:.
* Now right click an open area and click New > folder and change the folder name to HJT.
* Extract HijackThis from the zipped file into this new folder.

First, download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet access after removing NewDotNet.

To get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right side, leave it as is and just click "Finish>>", then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove" panel, do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

Once New.Net has been removed, post a new HJT log, and we will continue with the fix!

Matt
illmatic rob Posted March 12, 2006

Thanks Matt,

I followed your steps and downloaded the "LSPFix.exe" into a folder. I found a New.Net domain and removed it and then rebooted. I'm still having trouble with some pages that are blank, pages not able to display, and some that don't finish loading. I'm pretty sure that when I shut down to reboot the "shellconhiddenwindow" was gone, but IE is still a problem, not loading some website pages.

Here is my latest HijackThis log:
Matt Posted March 12, 2006

Welcome back! You've got quite a mess there, but we got rid of the most dangerous part first. To deal with the amount of infections you have, and how serious they are, we're going to run a scan.

Please print out these directions for use in Safe Mode.

Please download ewido anti-malware; it is a free version of the program.

* Install ewido anti-malware.
* When installing, under "Additional Options" uncheck:
  * Install background guard
  * Install scan via context menu
* Launch ewido; there should be an icon on your desktop, double-click it.
* The program will now open to the main screen.
* When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
* You will need to update ewido to the latest definition files.
  * On the left hand side of the main screen click update.
  * Then click on Start Update.
* The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates

Once the updates are installed do the following:

* Click on scanner.
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
* Close ewido anti-malware.

Post back with the Ewido Report and a new HJT log.
illmatic rob Posted March 12, 2006

OK... I ran the Ewido anti-malware program as suggested. Here is the report:
Settings\Isaac\Cookies\isaac@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Isaac\Cookies\isaac@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup C:\Documents and Settings\Isaac\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Isaac\Cookies\isaac@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Isaac\Cookies\isaac@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Isaac\Cookies\isaac@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Isaac\Cookies\isaac@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Isaac\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.9:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.10:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.11:C:\Documents and Settings\Nina\Application Data\Netscape\NSB\Profiles\73pgmxm1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@advertising[2].txt -> 
TrackingCookie.Advertising : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> 
TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Nina\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup C:\Documents and Settings\Nina\Cookies\nina@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.19:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.20:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.30:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.31:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.32:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.33:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.36:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\gk49q6j6\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Application 
Data\Netscape\NSB\Profiles\mgu26d6s.default\Cache\C8D542DDd01 -> Adware.180Solutions : Cleaned with backup :mozilla.9:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.10:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.11:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.12:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.13:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.14:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.15:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.17:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.65:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.69:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup :mozilla.70:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup :mozilla.85:C:\Documents and Settings\Shawn Ryan\Application 
Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.105:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.111:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.112:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.113:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.114:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.119:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.122:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup :mozilla.128:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.130:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.135:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.138:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.139:C:\Documents and Settings\Shawn Ryan\Application 
Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.140:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.141:C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Clickhype : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@com[1].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt 
-> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn [email protected][1].txt -> TrackingCookie.Directnetadvertising : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Cookies\shawn ryan@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Desktop\ZangoMessenger.exe -> Adware.180Solutions : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\Cookies\shawn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\f2408203.exe -> Downloader.Qoologic.at : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\ICD2.tmp\ezg-package.exe -> Adware.Sidesearch : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\MGW_SH.exe -> Adware.WinAD : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm26042.exe -> Downloader.Qoologic.ax : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm3662.exe -> Downloader.Qoologic.ax : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\wh.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup 
C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temporary Internet Files\Content.IE5\G1URWDUR\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup C:\Documents and Settings\Shawn Ryan\My Documents\My Music\Divx Bundle +XViD.exe -> Worm.SdDrop.e : Cleaned with backup C:\Documents and Settings\Shawn Ryan\My Documents\My Music\DivX edit (new).exe -> Worm.SdDrop.d : Cleaned with backup C:\Documents and Settings\Shawn Ryan\My Documents\My Pictures\myemoticons\Display Images\myemoticons\temperkid.zip/winkjap1123.exe -> Downloader.VB.oc : Cleaned with backup C:\Program Files\filesubmit\dmpotc201.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup C:\Program Files\INSTAFINK -> Adware.404Search : Cleaned with backup C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : Cleaned with backup C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : Cleaned with backup C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned with backup C:\Program Files\RXToolBar\Semantic Insight -> Adware.RXToolbar : Cleaned with backup C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dattmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sigtmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dattmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sigtmp -> Adware.RXToolbar : Error 
during cleaning C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dattmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Keytmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sigtmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dattmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat -> Adware.RXToolbar : Cleaned with backup C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup C:\Program Files\TBONBin\TBONWnd.EXE -> Adware.BetterInternet : Cleaned with backup C:\Program Files\webHancer\Programs\whSurvey.exe -> Adware.WebHancer : Cleaned with backup C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\webhdll.dll -> 
Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned with backup C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup C:\WINDOWS\Downloaded Program Files\supreme.dll -> Adware.MegaSearch : Cleaned with backup C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\system32\fkksddc.exe -> Trojan.Pakes : Cleaned with backup C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Adware.P2PNetworking : Cleaned with backup C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : Cleaned with backup C:\WINDOWS\system32\pqqab.dat -> Downloader.Qoologic.at : Cleaned with backup C:\WINDOWS\system32\vgactl.cpl -> Downloader.Qoologic.at : Cleaned with backup C:\WINDOWS\system32\winks.exe -> Adware.WinAD : Cleaned with backup C:\WINDOWS\system32\wyyirr.exe -> Downloader.Qoologic.at : Cleaned with backup C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet 
::Report End

Welcome back! You've got quite a mess there, but we got rid of the most dangerous part first. To deal with the amount of infections you have, and how serious they are, we're going to run a scan.

Please print out these directions for use in Safe Mode.

Please download ewido anti-malware; it is a free version of the program.

Install ewido anti-malware. When installing, under "Additional Options" uncheck:
- Install background guard
- Install scan via context menu

- Launch ewido; there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update.
- The update will start and a progress bar will show the updates being installed (the status bar at the bottom will display "Update successful").

If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates

Once the updates are installed do the following:
- Click on scanner.
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close ewido anti-malware.

Post back with the Ewido Report and a new HJT log.
illmatic rob Posted March 12, 2006

here is my latest hijackthis log after ewido anti-malware scan :

ok .. I ran the Ewido anti-malware program as suggested. Here is the report :

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------
 + Created on: 11:03:17 AM, 3/12/2006
 + Report-Checksum: 6ED95B0F
 + Scan result:
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webHancer\ESO -> Adware.WebHancer : Cleaned with backup
HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\dsktb -> Adware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FE29DE6-B70C-498B-80BF-CFEB9540F747} -> Adware.EZ-Greets : Cleaned with backup
HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup
HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78B99003-748F-4167-A5AD-634E4278AF6D} -> Adware.EZ-Greets : Cleaned with backup
HKU\S-1-5-21-3124652315-718845266-150805356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Evie\Local Settings\Temp\Del11A.tmp -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Application Data\Netscape\NSB\Profiles\mgu26d6s.default\Cache\C8D542DDd01 -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Desktop\ZangoMessenger.exe -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\Shawn
Ryan\Local Settings\Temp\f2408203.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\ICD2.tmp\ezg-package.exe -> Adware.Sidesearch : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\MGW_SH.exe -> Adware.WinAD : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm26042.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm3662.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\wh.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\Local Settings\Temporary Internet Files\Content.IE5\G1URWDUR\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\My Documents\My Music\Divx Bundle +XViD.exe -> Worm.SdDrop.e : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\My Documents\My Music\DivX edit (new).exe -> Worm.SdDrop.d : Cleaned with backup
C:\Documents and Settings\Shawn Ryan\My Documents\My Pictures\myemoticons\Display Images\myemoticons\temperkid.zip/winkjap1123.exe -> Downloader.VB.oc : Cleaned with backup
C:\Program Files\filesubmit\dmpotc201.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\INSTAFINK -> Adware.404Search : Cleaned with backup
C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : Cleaned with backup
C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned with backup
C:\Program Files\RXToolBar\Semantic Insight -> Adware.RXToolbar : Cleaned with backup
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dattmp -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sigtmp -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dattmp -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sigtmp -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dattmp -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Keytmp -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sigtmp -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dattmp -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat -> Adware.RXToolbar : Cleaned with backup
C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\TBONBin\TBONWnd.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\webHancer\Programs\whSurvey.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\supreme.dll -> Adware.MegaSearch : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\fkksddc.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\pqqab.dat -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\system32\vgactl.cpl -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\system32\winks.exe -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\system32\wyyirr.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\unist2.exe -> Adware.ShopNav : Cleaned with backup
C:\WINDOWS\whInstaller.exe -> Adware.WebHancer : Cleaned with backup
::Report End

Welcome back! You've got quite a mess there, but we got rid of the most dangerous part first.
To deal with the amount of infections you have, and how serious they are, we're going to run a scan.

Please print out these directions for use in Safe Mode.

Please download ewido anti-malware; it is a free version of the program.

- Install ewido anti-malware.
- When installing, under "Additional Options" uncheck:
  - Install background guard
  - Install scan via context menu
- Launch ewido, there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
  - On the left hand side of the main screen click update.
  - Then click on Start Update.
- The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close ewido anti-malware.

Post back with the Ewido Report and a new HJT log.
illmatic rob Posted March 12, 2006 Author

now what do i do after running both hijackthis and ewido anti-malware ? My IE problem still exists.

here is my latest hijackthis log after ewido anti-malware scan :

ok .. I ran the Ewido anti-malware program as suggested. Here is the report :
Ryan\Local Settings\Temp\f2408203.exe -> Downloader.Qoologic.at : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\ICD2.tmp\ezg-package.exe -> Adware.Sidesearch : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\MGW_SH.exe -> Adware.WinAD : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm26042.exe -> Downloader.Qoologic.ax : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\tm3662.exe -> Downloader.Qoologic.ax : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\wh.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup C:\Documents and Settings\Shawn Ryan\Local Settings\Temporary Internet Files\Content.IE5\G1URWDUR\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup C:\Documents and Settings\Shawn Ryan\My Documents\My Music\Divx Bundle +XViD.exe -> Worm.SdDrop.e : Cleaned with backup C:\Documents and Settings\Shawn Ryan\My Documents\My Music\DivX edit (new).exe -> Worm.SdDrop.d : Cleaned with backup C:\Documents and Settings\Shawn Ryan\My Documents\My Pictures\myemoticons\Display Images\myemoticons\temperkid.zip/winkjap1123.exe -> Downloader.VB.oc : Cleaned with backup C:\Program Files\filesubmit\dmpotc201.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup C:\Program Files\INSTAFINK -> Adware.404Search : Cleaned with backup C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : Cleaned with backup C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : Cleaned with backup C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned with backup C:\Program Files\RXToolBar\Semantic Insight -> Adware.RXToolbar : Cleaned with backup C:\Program Files\RXToolBar\Semantic 
Insight\bKPack01.01.dat -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dattmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sigtmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dattmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sigtmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dattmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Keytmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sigtmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dattmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic 
Insight\nLabels01.sigtmp -> Adware.RXToolbar : Error during cleaning C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat -> Adware.RXToolbar : Cleaned with backup C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup C:\Program Files\TBONBin\TBONWnd.EXE -> Adware.BetterInternet : Cleaned with backup C:\Program Files\webHancer\Programs\whSurvey.exe -> Adware.WebHancer : Cleaned with backup C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned with backup C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup C:\WINDOWS\Downloaded Program Files\supreme.dll -> Adware.MegaSearch : Cleaned with backup C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\system32\fkksddc.exe -> Trojan.Pakes : Cleaned with backup C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Adware.P2PNetworking : Cleaned with backup C:\WINDOWS\system32\P2P 
Welcome back! You've got quite a mess there, but we got rid of the most dangerous part first. To deal with the amount of infections you have, and how serious they are, we're going to run a scan.

Please print out these directions for use in Safe Mode.

Please download ewido anti-malware; it is a free version of the program.

* Install ewido anti-malware.
* When installing, under "Additional Options" uncheck:
  * Install background guard
  * Install scan via context menu
* Launch ewido; there should be an icon on your desktop, double-click it.
* The program will now open to the main screen.
* When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
* You will need to update ewido to the latest definition files.
  * On the left hand side of the main screen click update.
  * Then click on Start Update.
* The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates

Once the updates are installed do the following:

* Click on scanner.
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
* Close ewido anti-malware.

Post back with the Ewido Report and a new HJT log.

Matt Posted March 12, 2006

Welcome back! That Ewido scan helped a lot!

Scan with HJT and place a check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com
O2 - BHO: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll (file missing)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O3 - Toolbar: Supreme Toolbar - {4E7BD74F-2B8D-469E-D7F3-FA7EA480A97D} - C:\WINDOWS\DOWNLO~1\supreme.dll (file missing)
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKCU\..\Run: [sOProc_SoRefRegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/279/installer.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/ezg-toolbar.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

Then, make sure all browser windows and other applications are closed, and click the Fix Checked button.

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Once in safe mode, find and delete the following files:

C:\WINDOWS\wdskctl.exe
C:\PROGRA~1\SOFTWA~1\soproc.exe

And delete the following folders:

C:\Program Files\RXToolBar\
C:\Program Files\VVSN\

Then, reboot your computer normally.

Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

Next, please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser:

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Then, please go HERE to run Panda's ActiveScan.

* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the ActiveScan report and a new HJT log.

illmatic rob Posted March 13, 2006

Okay, I downloaded everything and ran all the utilities. When I tried to erase these programs you mentioned I had problems with:

C:\PROGRA~1\SOFTWA~1\soproc.exe (I couldn't locate. In safe mode I could do a search for it and I wasn't sure where to look.)

And delete the following folders:

C:\Program Files\RXToolBar\ (This program even after I found I could not get rid of.)
C:\Program Files\VVSN\ (This one was erased.)

I still get the "shellconhiddenwindow" .. it's the very last program that shuts down when I turn off my laptop.

Also, now my laptop is running a little slower.

Please advise. Thank you very much.

Matt Posted March 13, 2006

illmatic rob, please post the active scan report and a new HJT log for me.

illmatic rob Posted March 13, 2006

My latest HJT log:

Matt Posted March 13, 2006
illmatic rob, did you run panda active scan from my previous directions?

Then, Please go HERE to run Panda's ActiveScan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report and a new HJT log.

If so, please post the report it generated. If not, please do so as directed before.

Also, did you follow the steps for DelDomains?

Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

If not, please do that also.

So, please post the Panda report and a new HJT log after all these steps have been taken.
illmatic rob Posted March 13, 2006
here's the panda report from scan :
Panda Titanium 2006 Antivirus + Antispyware incident report
panda_report___1.txt
Matt Posted March 13, 2006
Did you by any chance download panda's anti-virus software, or did you run the online scan?

Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
* Save it to your desktop.
* Please double-click Killbox.exe to run it.
* Select: Delete on Reboot then Click on the All Files button.
* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\whAgent.inf
C:\WINDOWS\smdat32a.sys
C:\Documents and Settings\Shawn Ryan\Desktop\Registry Cleaner.lnk
c:\windows\downloaded program files\clientax.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\ClientAX.dll

* Return to Killbox, go to the File menu, and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
* Click Download Now to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  * Sweep Memory
  * Sweep Registry
  * Sweep Cookies
  * Sweep All User Accounts
  * Enable Direct Disk Sweeping
  * Sweep Contents of Compressed Files
  * Sweep for Rootkits
  Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied, and a new HJT log into your next reply.
illmatic rob Posted March 13, 2006
where do i get killbox.exe from ? And yes, I ran panda online scan and ended up downloading the panda anti-virus. Should I get rid of it ?
Matt Posted March 13, 2006
Sorry illmatic rob, I edited my post on where to download the application. And you can keep panda AV, but DO NOT have two Anti viruses running. If you keep panda, get rid of your current anti virus program. However, you do not have to keep panda.
illmatic rob Posted March 13, 2006
ok .. where do i find killbox.exe ?
Matt Posted March 13, 2006
Refer to post 14. I added in where to download it from.
Sorry for the confusion.
illmatic rob Posted March 13, 2006
no problem .. then follow instructions you gave me right ? I'll do that and probably get back to you on the results tomorrow. It's getting late for me. Thanks for all your help. I hope to resolve this mess soon
Matt Posted March 13, 2006
Yep, just follow everything in post 14. Good luck! Matt
illmatic rob Posted March 13, 2006
hey, i'm back for a few before i turn in .. i ran the killbox.exe and copy and paste. now what ? Here's my latest HJT log after executing killbox.exe :
hijackthis_file__5.txt
Matt Posted March 13, 2006
Now, continue with the direction in post 14 about using spysweeper
illmatic rob Posted March 14, 2006
ok .. i used the webroot spysweeper as requested. I'm submitting logs from webroot scan and HJT. See attachment
please advise.
thanks
hijackthis_file__6.txt
illmatic rob Posted March 14, 2006
hey i did .. i ran both and follow post #14 . I post both logs. See anything ?
illmatic rob Posted March 14, 2006
okay .. what now ? I'm still getting this :
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
and shutting down shellconhiddenwindow is always the last thing to shut down before powering off .
I've done all that you mentioned in post #14 ..