Hijackthis Log To Rid Me Of Sweepstakes.com Forever


Recommended Posts

umm...yeah Im stuck with this sweepstakes.com thing..I did the HijackThis. here's the scan

please let me know what to do. simple directions would be appreciated..thanks

Logfile of HijackThis v1.99.1

Scan saved at 7:45:15 PM, on 6/7/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\cisvc.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\support.com\bin\tgcmd.exe

C:\program files\common files\system\ms2src.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\17NPJL7K\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [cveqxhxy] C:\WINDOWS\System32\scjsxc.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /install

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Qbtokf] C:\WINDOWS\System32\xoljxnef.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehouse.com/real/games/SproutLauncher.cab

O16 - DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} (LiveX_v7.0.2.0) - https://www.childrenview.net/rooms/intercoa...hecker_6110.cab

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: IntelĀ® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Link to post
Share on other sites

Hello magnolia25 :)

STEP 1:

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu

[*]Launch ewido, there should be an icon on your desktop, double-click it.

[*]The program will now open to the main screen.

[*]When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

[*]You will need to update ewido to the latest definition files.

  • On the left hand side of the main screen click update.
  • Then click on Start Update.

[*]The update will start and a progress bar will show the updates being installed.

(the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.

ewido manual updates

Once the updates are installed do the following:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

STEP 2:

You are currently using HijackThis from a temporary directory, this can cause problems.

HijackThis creates backups, these are needed in case of any recovery issues.

Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder


  1. 1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.
    2. Download HijackThis to the new folder:
    3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
    4. Close ALL windows except HJT
    5. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
    6. POST the log in this thread along with the Ewido log using 'Add Reply' (Ctrl-V to 'paste')

Please make sure you post the entire log including the top portion:

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

Link to post
Share on other sites

allrighty, here they are--

Logfile of HijackThis v1.99.1

Scan saved at 1:04:46 PM, on 6/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\support.com\bin\tgcmd.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\program files\common files\system\ms2src.exe

C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [cveqxhxy] C:\WINDOWS\System32\scjsxc.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /install

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Qbtokf] C:\WINDOWS\System32\xoljxnef.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehouse.com/real/games/SproutLauncher.cab

O16 - DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} (LiveX_v7.0.2.0) - https://www.childrenview.net/rooms/intercoa...hecker_6110.cab

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: IntelĀ® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 12:57:34 PM, 6/8/2006

+ Report-Checksum: 470DFD15

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup

HKLM\SOFTWARE\Pinfo -> Dialer.Generic : Cleaned with backup

HKLM\SOFTWARE\Pinfo\Dialers -> Dialer.Generic : Cleaned with backup

HKU\S-1-5-21-1592618247-1208119211-3294204590-1006\Software\Pinfo -> Dialer.Generic : Cleaned with backup

HKU\S-1-5-21-1592618247-1208119211-3294204590-1006\Software\Pinfo\Dialers -> Dialer.Generic : Cleaned with backup

HKU\S-1-5-21-1592618247-1208119211-3294204590-1006\Software\Pinfo\Dialers\HotBlondes -> Dialer.Generic : Cleaned with backup

HKU\S-1-5-21-1592618247-1208119211-3294204590-1006\Software\Pinfo\Dialers\Lisa -> Dialer.Generic : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@casinolasvegas[1].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Itrack : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_10C.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_13C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_148.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_190.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_1E4.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_1F4.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_220.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_238.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_258.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_3A4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_498.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_534.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_570.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_578.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_698.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_6FC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_74C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_774.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_7E8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_7F8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_838.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_84.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_840.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_878.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_884.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_88C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_8B4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_8BC.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_8C8.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_958.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_960.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_98.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_984.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_A0.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_A4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_A84.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_AA4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_AB4.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_AC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_B0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_B74.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_B8C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_BD0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_C4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_C8.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_D4.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_D50.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_E0C.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_F1C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_F34.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_F88.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Cameron\Local Settings\Temp\lf_F94.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_108.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_12C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_144.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_14C.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_2F4.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_340.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_388.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_410.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_414.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_520.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_538.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_53C.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_660.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_678.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_6A0.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_6C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_708.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_748.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_754.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_770.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_7D8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_7F0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_84.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_858.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_864.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_86C.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_880.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_8B4.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_8C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_8C0.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_944.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_95C.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_98.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_9C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_9CC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_A0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_A6C.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_A8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_AC.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_B0.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_B4.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_B8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_BC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_D0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_DC8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_EA0.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_FC.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Patricia\Local Settings\Temp\lf_FFC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@com[1].txt -> TrackingCookie.Com : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_134.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_138.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_148.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_150.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_154.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_164.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_190.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_208.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_214.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_21C.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_220.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_238.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_254.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_260.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_274.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_2D4.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_338.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_350.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_384.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_494.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_530.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_540.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_568.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_5F8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_6C0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_6EC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_728.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_744.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_780.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7B0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7B4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7C0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7C8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7CC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7D0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7D4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7D8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7DC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7E0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7E4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7E8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7EC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7F0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7F4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_7FC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_834.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_84.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_84C.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_85C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_88.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_8B4.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_8C.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_8D4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_8DC.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_A0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_A4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_A40.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_A8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_AC.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_B0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_B4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_B70.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_B8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_BC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_C0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_C4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_CC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_D0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_D4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_D8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_DC.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_E0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_E08.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_E4.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_E8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_EC.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_F0.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_F4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_F78.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_F8.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_F80.tmp -> Downloader.Dluca.ci : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\lf_FD4.tmp -> Downloader.Agent.wp : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\uninstall.exe -> Adware.VMN : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~200813.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~201134.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~224408.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~228852.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~24624.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~25015.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~271015.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~273211.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~273593.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~273986.tmp -> Downloader.Wintool.d : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~280804.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~314539.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~315504.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~327193.tmp -> Downloader.Wintool.d : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~333655.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~334338.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~337391.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~339046.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~339654.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~341473.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~343759.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~344552.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~345407.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~352096.tmp -> Downloader.Wintool.d : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~352367.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~367597.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~373936.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~374158.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~392595.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\

Link to post
Share on other sites

ewido cont.

C:\Documents and Settings\Stephanie\Local Settings\Temp\~394559.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~394856.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~424224.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~426199.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~439552.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~443319.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~44779.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~479459.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~487338.tmp -> Downloader.Wintool.d : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~488655.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~493727.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~50094.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~507955.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~512028.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~512462.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~515368.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~523298.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~523579.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~523820.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~531018.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~535676.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~545725.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~548289.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~548609.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~574010.tmp -> Downloader.Wintool.d : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~578.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~581293.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~6138.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~623581.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~627210.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~635934.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~637897.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~709363.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~719084.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~724209.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~727275.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~734139.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~746555.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~747101.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~760931.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~765631.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~77654.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~777564.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~780401.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~785583.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~791435.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~802211.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~802697.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~805716.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~816030.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~824947.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~830061.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~854605.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~855233.tmp -> Downloader.Wintool.d : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~861200.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~863352.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~863729.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~864718.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~872430.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~906714.tmp -> Downloader.Wintool.d : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~907035.tmp -> Downloader.Wintool.d : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~908759.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~909095.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~911458.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~914657.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~914963.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~919433.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~923874.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~924177.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~930262.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~951114.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~954954.tmp -> Downloader.Wintool.d : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~955011.tmp -> Adware.Wintol : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~970727.tmp -> Downloader.Wintool.d : Cleaned with backup

C:\Documents and Settings\Stephanie\Local Settings\Temp\~971807.tmp -> Adware.Wintol : Cleaned with backup

C:\Downloads\TonkaConst2-dm[1].exe -> Adware.Trymedia : Cleaned with backup

C:\Downloads\TonkaMonsterTrucks-dm[1].exe -> Adware.Trymedia : Cleaned with backup

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup

C:\Program Files\ComcastToolbar\comcasttoolbar.dll_0_ -> Adware.BHO : Cleaned with backup

C:\Program Files\Common Files\System\mplay64.exe -> Downloader.Agent.wp : Cleaned with backup

C:\Program Files\Common Files\System\ms2src.exe -> Downloader.Dluca.ci : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\106D6BE6-E8A3-44AE-A97F-1FA756\37B32F5F-F52D-4848-923A-7F6010 -> Adware.BargainBuddy : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\106D6BE6-E8A3-44AE-A97F-1FA756\81D7579D-C0F4-48BA-BB5A-10C6C8 -> Adware.BargainBuddy : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\106D6BE6-E8A3-44AE-A97F-1FA756\94C8EBC3-B3BE-44AE-98E4-C7B67B -> Adware.BargainBuddy : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\58F82BEE-C19D-4539-AC1B-E4E955\76A52839-620F-4D30-9CA6-DAC962 -> Downloader.Dyfuca : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\5B8D3A72-8669-40F8-8B01-1FB490\0306AE16-E061-4FF9-88E7-408328 -> Adware.Sahat : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\ABF2AC78-66AC-4A90-A377-562B58\A03EB352-90EC-492B-B1B7-785C56 -> Adware.Apropos : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\ADD394FB-B5F2-4173-825E-BCC992\B08D6416-13A1-4FF3-B821-E01CF6 -> Adware.SideFind : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\ADD394FB-B5F2-4173-825E-BCC992\DF8B2C6F-8C2F-49B6-ABE1-4277D7 -> Adware.SideFind : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F190399F-B0E7-4AE8-8302-051A45\472EA997-95FD-40C8-B9A4-C89976 -> Adware.SideFind : Cleaned with backup

C:\Program Files\Microsoft AntiSpyware\Quarantine\F190399F-B0E7-4AE8-8302-051A45\72EE742D-C026-42BF-8E0F-3E5398 -> Adware.SideFind : Cleaned with backup

C:\Program Files\Seekmo\seekmo.exe -> Adware.180Solutions : Cleaned with backup

C:\Program Files\Seekmo\seekmohook.dll -> Adware.Zango : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP605\A0068167.exe -> Downloader.Dluca.ci : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP610\A0068252.dll -> Adware.BHO : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP610\A0068282.dll -> Adware.BHO : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP616\A0068503.exe -> Adware.VMN : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP618\A0068730.exe -> Downloader.Dluca.ci : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP620\A0069754.exe -> Downloader.Agent.wp : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP622\A0069842.exe -> Downloader.Agent.wp : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP627\A0069914.exe -> Downloader.Agent.wp : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0070113.exe -> Downloader.Agent.wp : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0070433.exe -> Downloader.Dluca.ci : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0070457.dll -> Adware.BHO : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0070484.dll -> Adware.BHO : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0070886.dll -> Adware.Comet : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup

::Report End

Link to post
Share on other sites

Hello magnolia25, sorry for the dealy.

Let's get right to it then, you may want to print this out.

STEP 1:

Please open HJT and place a check next to the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [cveqxhxy] C:\WINDOWS\System32\scjsxc.exe

O4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /install

O4 - HKCU\..\Run: [Qbtokf] C:\WINDOWS\System32\xoljxnef.exe

Close all open browsers and click on "Fix Checked"

STEP 2:

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

    [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\scjsxc.exe

    c:\program files\common files\system\ms2src.exe

    C:\WINDOWS\System32\xoljxnef.exe

    [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

STEP 3:

I'd like to see an uninstall list.

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

STEP 4:

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Now please post a new HJT log along with the Panda Activescan log and the uninstall list

Link to post
Share on other sites

I cant delete these 3 files on Killbox-

C:\WINDOWS\System32\scjsxc.exe

c:\program files\common files\system\ms2src.exe

C:\WINDOWS\System32\xoljxnef.exe

msg comes up "PendingFileRenameOperations Registry Data has been Removed by External Process!"

Does this mean I can't finish the fix? :huh:

Oh yeah..and I never saw any "PendingFileRenameOperations prompt" except for this angry one up here and I also downloaded missingfilesetup and no change-

Link to post
Share on other sites
:( I was afraid of that. Please finish the fix without the Killbox part. I'd like to see that Panda log, the uninstall list, and a new HJT log please. Edited by Steamhead
Link to post
Share on other sites

Here's the biz ;)

Logfile of HijackThis v1.99.1

Scan saved at 2:35:42 PM, on 6/14/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\support.com\bin\tgcmd.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehouse.com/real/games/SproutLauncher.cab

O16 - DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} (LiveX_v7.0.2.0) - https://www.childrenview.net/rooms/intercoa...hecker_6110.cab

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: IntelĀ® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

activescan--

Incident Status Location

Potentially unwanted tool:application/seekmo Not disinfected c:\program files\Seekmo

Adware:adware/cws Not disinfected C:\Documents and Settings\Stephanie\Favorites\Fun & Games

Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Stephanie\Application Data\Lycos

Adware:adware/dyfuca Not disinfected c:\windows\STWSI

Adware:adware/limeshop Not disinfected Windows Registry

Spyware:spyware/dluca Not disinfected Windows Registry

Adware:adware/safesearch Not disinfected Windows Registry

Adware:adware/ncase Not disinfected Windows Registry

Adware:adware/navhelper Not disinfected Windows Registry

Spyware:spyware/apropos Not disinfected Windows Registry

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@adrevolver[3].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@advertising[1].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@apmebf[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@atdmt[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@atwola[1].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@azjmp[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@belnk[1].txt

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@bluestreak[1].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@casalemedia[2].txt

Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@cassava[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@cgi-bin[2].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@doubleclick[1].txt

Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@entrepreneur[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@fastclick[2].txt

Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt

Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@pacificpoker[2].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@questionmarket[1].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@realmedia[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@serving-sys[2].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@xiti[1].txt

Spyware:Spyware/Dluca Not disinfected C:\Documents and Settings\Cameron\Local Settings\Temp\lf_6C.tmp

Spyware:Spyware/Dluca Not disinfected C:\Documents and Settings\Cameron\Local Settings\Temp\lf_7F0.tmp

Spyware:Spyware/Dluca Not disinfected C:\Documents and Settings\Cameron\Local Settings\Temp\lf_EE8.tmp

Spyware:Spyware/Dluca Not disinfected C:\Documents and Settings\Cameron\Local Settings\Temp\lf_F44.tmp

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Patricia\Cookies\patricia@adrevolver[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Patricia\Cookies\patricia@atwola[1].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Patricia\Cookies\patricia@azjmp[2].txt

Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Patricia\Cookies\[email protected][2].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Patricia\Cookies\patricia@go[2].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Patricia\Cookies\patricia@realmedia[1].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Patricia\Cookies\patricia@target[1].txt

Spyware:Spyware/Dluca Not disinfected C:\Documents and Settings\Patricia\Local Settings\Temp\lf_54C.tmp

Spyware:Spyware/Dluca Not disinfected C:\Documents and Settings\Patricia\Local Settings\Temp\lf_68C.tmp

Spyware:Spyware/Dluca Not disinfected C:\Documents and Settings\Patricia\Local Settings\Temp\lf_7F8.tmp

Uninstall list--

Abacast Client

ABBYY FineReader 5.0 Sprint

Adobe Download Manager 1.2 (Remove Only)

Adobe Photoshop Album 2.0 Starter Edition

Adobe Reader 6.0

AIPTEK PenCam VR Manager

Ares 1.8.1

AT&T WorldNet Setup

BCM V.92 56K Modem

Blaze MediaConvert

Blue's Treasure Hunt

cd1

Coding Workshop Ringtone Converter

ComcastSUPPORT

DAO

Dell AIO Printer A940

Dell Picture Studio - Dell Image Expert

Dell Solution Center

Dell Support

Disney's Winnie the Pooh Toddler

DVDSentry

Easy CD Creator 5 Basic

ewido anti-malware

EZ-ROM Presentation Pro Demo

F.A. Davis's Calculating Drug Dosages

Finding Nemo

Google Toolbar for Internet Explorer

HijackThis 1.99.1

Hot WheelsƂĀ® Stunt Track Driver 2 - GET'N DIRTY

IntelĀ® PRO Ethernet Adapter and Software

IntelĀ® PROSet II

IrfanView (remove only)

Jasc Paint Shop Pro 9

Java 2 Runtime Environment Standard Edition v1.3.1_04

Java 2 Runtime Environment, SE v1.4.2_04

JumpStart PreSchool v1.4

JumpStart Scrapbook

JumpStart Toddlers 2001

Kaplan Question Trainer

Learn2 Player (Uninstall Only)

LimeShop

Logitech Desktop Messenger

Logitech MouseWare 9.79

Logitech Resource Center

Macromedia Flash Player 8

McAfee SecurityCenter

McAfee.com Personal Firewall Plus

McAfee.com Privacy Service

Mickey Mouse Preschool

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.0 Hotfix (KB886906)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft Data Access Components KB870669

Microsoft Encarta Encyclopedia Standard 2003

Microsoft Money 2003

Microsoft Money 2003 System Pack

Microsoft Office PowerPoint Viewer 2003

Microsoft Picture It! Photo 7.0

Microsoft Streets and Trips 2002

Microsoft Windows Journal Viewer

Microsoft Word 2002

Microsoft Works 2003 Setup Launcher

Microsoft Works 7.0

Microsoft Works Suite Add-in for Microsoft Word

Modem Helper

MPlay64

ms2src

MSSoapRuntime

MUSICMATCHƂĀ® Jukebox

NVIDIA Display Driver

NVIDIA Windows 2000/XP Display Drivers

Paint Shop Pro 7

Palace Uninstall

Panda ActiveScan

PCFriendly

Phonics 4 Kids

PowerDVD

QuickTime

Reader Rabbit Preschool

RealArcade

RealPlayer

Registry Mechanic

Sandlot Games Client Services

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Seekmo Search Assistant

Shockwave

Sky Racer

Spybot - Search & Destroy 1.4

Stanley Wild for Sharks

Stunt Track Driver

Stylus Studio XML Professional Edition

Tonka Construction 2

TONKA Monster Trucks

TONKA Search & Rescue 2

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Viewpoint Media Player

WebSearch Tools

Windows Defender

Windows Defender Signatures

Windows Genuine Advantage v1.3.0254.0

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Media Format Runtime

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

Winnie the Pooh Preschool

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Messenger Explorer Bar

Link to post
Share on other sites

Hello magnolia25 :)

Let's get down and dirty shall we? :P

Once again you will want to print this out so you will have it with you at all times.

STEP 1:

Download and install CleanUp!

NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

Set the program up as follows:

Click "Options..."

Move the arrow down to "Custom CleanUp!"

Put a check next to the following (Make sure nothing else is checked!):

  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users

Click OK

Press the CleanUp! button to start the program.

It may ask you to log-off/reboot at the end, if it does please do so.

STEP 2:

It seems that you have or once had Limewire. This comes bundled with malware, and if you still have it is probably how you became infected in the first place. If you still have it I advise you to remove it. Please go to Start > Control Panel > Add/Remove Programs and find LimeShop. Highlight it and click on Change/Remove. Also remove "Seekmo Search Assistant". This is malware.

STEP 3:

We will need to remove some files manually in Safe Mode. Please reboot your computer and continually tap F8 as it is starting up. Select Safe Mode with the arrow keys and press Enter.

We need to view you hidden files and folders. In WIndows Explorer (to get there right-click your Start button and go to "Explore"), click on Tools > Folder Options > click on the View tab > click on "show hidden files and folders". Click apply.

Using Windows Explorer please delete these files (if present):

C:\Documents and Settings\Stephanie\Favorites\Fun & Games

C:\Documents and Settings\Stephanie\Application Data\Lycos

c:\windows\STWSI

C:\WINDOWS\System32\scjsxc.exe

c:\program files\common files\system\ms2src.exe

C:\WINDOWS\System32\xoljxnef.exe

and folders

c:\program files\Seekmo

After that, Reboot.

STEP 4:

Please run a new Panda Activescan and a new Ewido scan. Post those logs and a new HJT log. How's your computer running?

Link to post
Share on other sites

here's my homework-Steamhead :D

Logfile of HijackThis v1.99.1

Scan saved at 5:39:56 PM, on 6/24/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehouse.com/real/games/SproutLauncher.cab

O16 - DPF: {DA8484DE-52DB-4860-A986-61A8682E298A} (LiveX_v7.0.2.0) - https://www.childrenview.net/rooms/intercoa...hecker_6110.cab

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: IntelĀ® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 11:20:54 PM, 6/23/2006

+ Report-Checksum: 374AF8A6

+ Scan result:

C:\Documents and Settings\Cameron\Cookies\cameron@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Cameron\Cookies\cameron@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup

C:\Documents and Settings\Patricia\Cookies\patricia@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\stephanie@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt -> TrackingCookie.Realtracker : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0074061.exe -> Adware.Trymedia : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0074062.exe -> Adware.Trymedia : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0074063.dll -> Adware.Aws : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0074064.exe -> Downloader.Agent.wp : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0074065.exe -> Adware.180Solutions : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0074066.dll -> Adware.Zango : Cleaned with backup

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0074113.exe -> Downloader.Dluca.ci : Cleaned with backup

::Report End

Incident Status Location

Adware:adware/cws Not disinfected C:\Documents and Settings\Stephanie\Favorites\Going Places

Adware:adware/limeshop Not disinfected Windows Registry

Spyware:spyware/dluca Not disinfected Windows Registry

Potentially unwanted tool:application/seekmo Not disinfected hkey_current_user\software\seekmo

Adware:adware/safesearch Not disinfected Windows Registry

Adware:adware/ncase Not disinfected Windows Registry

Adware:adware/navhelper Not disinfected Windows Registry

Spyware:spyware/apropos Not disinfected Windows Registry

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@advertising[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@atdmt[2].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@belnk[1].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@casalemedia[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@cgi-bin[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@doubleclick[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@fastclick[1].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cameron\Cookies\[email protected][2].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@mediaplex[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Cameron\Cookies\cameron@serving-sys[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Patricia\Cookies\patricia@doubleclick[1].txt

Adware:Adware/CWS Not disinfected C:\Documents and Settings\Stephanie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-1c6288ef.class

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Stephanie\Cookies\stephanie@247realmedia[1].txt

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Stephanie\Cookies\stephanie@2o7[1].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stephanie\Cookies\[email protected][2].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Stephanie\Cookies\[email protected][2].txt

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Stephanie\Cookies\stephanie@apmebf[1].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Stephanie\Cookies\stephanie@go[2].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Stephanie\Cookies\stephanie@overture[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Stephanie\Cookies\[email protected][1].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Stephanie\Cookies\stephanie@questionmarket[2].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Stephanie\Cookies\stephanie@realmedia[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stephanie\Cookies\stephanie@serving-sys[2].txt

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Stephanie\Cookies\stephanie@trafficmp[2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Stephanie\Cookies\stephanie@tribalfusion[2].txt

Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\106D6BE6-E8A3-44AE-A97F-1FA756\24B86B79-F0FE-4ECF-A5E0-CFF667

Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\106D6BE6-E8A3-44AE-A97F-1FA756\BFCDFE5A-D81D-4927-A27C-6511C5

Spyware:Spyware/Apropos Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\ABF2AC78-66AC-4A90-A377-562B58\06654036-9F76-47F8-9B3D-85A507

Spyware:Spyware/Apropos Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\ABF2AC78-66AC-4A90-A377-562B58\9D5AE127-F8C9-4B9B-8D17-F7160F

Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\prlltpvg.exe

Spyware:Spyware/Dluca Not disinfected C:\WINDOWS\SYSTEM32\cd1.exe

Link to post
Share on other sites

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now let's see one more Ewido log and one more Panda log. This should be the last ones! :thumbsup:

Thank you.

Link to post
Share on other sites
  • 2 weeks later...
  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...