WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Please help this PC!

Started by homer5ive , Feb 26 2006 09:01 PM

This topic is locked

55 replies to this topic

#1 homer5ive

Authentic Member

Authentic Member
69 posts

Posted 26 February 2006 - 09:01 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:55:03 PM, on 2/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\AlfaCleaner\AlfaCleaner.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125961603\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\system32\intell321.exe
O4 - HKLM\..\Run: [xdxfum] C:\WINDOWS\system32\zwzvusg.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "abetterinternet.aurora" "2"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downl...ESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downl...9_ASPIV4_XP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downl...ESS_1070_XP.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downl...1_ASPIV4_XP.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downl...ESS_1068_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downl...ESS_1069_XP.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AlfaCleanerService - AlfaCleaner.com - C:\Program Files\AlfaCleaner\ACServer.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Advertisements

Register to Remove

#2 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 01 March 2006 - 06:21 PM

Hello homer5ive, Welcome to the forum.

This is what I suggest you do.

Please do not delete anything unless instructed to.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06 . All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED (RED) entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Next:

Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#3 homer5ive

Authentic Member

Authentic Member
69 posts

Posted 01 March 2006 - 08:55 PM

Im not sure if this matters bit I cant use internet explorer unless im in safe mode. Im currently trying to fix that. Ill report back after ive done everything youve saidf to do.

#4 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 01 March 2006 - 09:01 PM

Delete these files and see if you can now work in Normal Mode.
links.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\system32\intell321.exe
C:\WINDOWS\system32\zwzvusg.exe

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#5 homer5ive

Authentic Member

Authentic Member
69 posts

Posted 01 March 2006 - 11:07 PM

Sorry I couldnt respond right away. The forum was down for about an hour or so. I removed dinst.exe, but when I searched for the others, they didnt exist. Please explain how I can remove those. Thanks alot for helping me too.

#6 homer5ive

Authentic Member

Authentic Member
69 posts

Posted 02 March 2006 - 12:13 AM

Heres the HJT log...and just so you know this is all from Safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 11:02:43 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\xzbilv.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125961603\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [xfgopm] C:\WINDOWS\system32\xzbilv.exe r
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downl...ESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downl...9_ASPIV4_XP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downl...ESS_1070_XP.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141082259640
O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downl...1_ASPIV4_XP.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downl...ESS_1068_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downl...ESS_1069_XP.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Heres the Ewido Log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:51:02 PM, 3/1/2006
+ Report-Checksum: A1C7A3D8

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc -> Adware.BetterInternet : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Security -> Adware.BetterInternet : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Enum -> Adware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2615556472-216287293-1840762581-500\Software\aurora -> Adware.BetterInternet : Cleaned with backup
[1692] C:\WINDOWS\system32\qbgmkyi.exe -> Trojan.Agent.ay : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dn8jqan9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060118173047.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060120185702.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060226143116.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060226144401.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060226145807.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Matchcraft : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Matchcraft : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Rachel Snow\Application Data\Mozilla\Firefox\Profiles\pgkydevs.default\cookies.txt -> TrackingCookie.Matchcraft : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-1540eca1-384394e2.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-486c9904-615c708d.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-13e2130d-6f769311.zip/Gagaga.class -> Dropper.Beyond.g : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-13e2130d-6f769311.zip/Vbagx.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@cz11.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@rotator.dex.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@shop.bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Cookies\rachel snow@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Local Settings\Temp\ICD1.tmp\UWAS6_0001_N57M1312NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\Documents and Settings\Rachel Snow\Local Settings\Temporary Internet Files\Content.IE5\ST6J8TE3\EGDACCESS_1067_XP[1].cab/EGDACCESS_1067.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\AE33D2C8-915F-412C-80D9-7B3D23\6B522F40-E028-4FCF-BB9B-3221F8 -> Adware.Comet : Cleaned with backup
C:\Program Files\TBONAS\TBONlchr.dll -> Adware.ActivShopper : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0031447.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0032447.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0032532.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0032560.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0032563.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0032598.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP638\A0032676.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP641\A0032756.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0032818.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0032819.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0033119.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP647\A0033213.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP651\A0033367.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP652\A0033439.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP653\A0033470.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0033531.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0033532.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0033533.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP665\A0033813.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP666\A0033887.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP670\A0034042.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP673\A0034125.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP676\A0034252.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP677\A0034290.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP677\A0034291.dll -> Dialer.InstantAccess.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0035177.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0035181.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0035213.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0035352.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0035429.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0035451.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0035461.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0035495.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0035516.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP706\A0035546.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP706\A0035575.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP706\A0035586.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP707\A0035598.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP707\A0035711.dll -> Adware.ActivShopper : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP707\A0035715.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP707\A0035719.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP707\A0035723.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP708\A0035756.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP708\A0035779.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP708\A0035789.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP708\A0035806.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP708\A0035817.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP708\A0035836.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP708\A0035852.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP708\A0035863.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP709\A0035899.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP709\A0035937.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP709\A0035954.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0036014.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0036029.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP710\A0036056.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP713\A0036110.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP713\A0036123.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP713\A0036135.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP715\A0036188.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP715\A0036199.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP715\A0036210.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP716\A0036225.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP716\A0036245.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP716\A0036254.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP716\A0036263.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0036294.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0036307.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0036320.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0037318.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0038318.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0039319.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0040319.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0041319.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0042324.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0043323.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0044325.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0045324.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0046325.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0047324.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0048324.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0049328.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0050329.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0051334.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0052333.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0054334.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0055331.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0055339.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0055345.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0058424.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0059423.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0060426.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0061651.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0062682.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0063735.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0064733.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0065741.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP717\A0067214.exe -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067446.dll -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067501.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067527.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067550.exe -> Trojan.Stervis.e : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6_0001_N57M1312NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N57M1312NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\msclock32.dll -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\SYSTEM32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysinetsvc32.dll -> Dialer.InstantAccess.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\wixhbafeu.exe -> Adware.NaviPromo : Cleaned with backup

::Report End

#7 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 02 March 2006 - 04:08 PM

Can you work in Normal Mode now? If so, post a new HJT log in Normal Mode.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#8 homer5ive

Authentic Member

Authentic Member
69 posts

Posted 02 March 2006 - 04:42 PM

No normal mode yet. Couldnt find these 3 that you told me to delete before. C:\WINDOWS\system32\intell321.exe C:\WINDOWS\system32\zwzvusg.exe Links.exe I found the other though. Please tell me how I can find these so I can work in normal mode. I used search to locate them before.

#9 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 02 March 2006 - 04:52 PM

Please download Nailfix from here:
http://www.noidea.us...050711214630636
Unzip it to the desktop.

Please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run another Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [xfgopm] C:\WINDOWS\system32\xzbilv.exe r

Close all open windows except for HijackThis and click Fix Checked.

Delete these files if listed:
C:\WINDOWS\Nail.exe
C:\Program Files\TBONAS\TBONlchr.dll
C:\WINDOWS\system32\xzbilv.exe

Try to Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Edited by LDTate, 02 March 2006 - 04:52 PM.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#10 homer5ive

Authentic Member

Authentic Member
69 posts

Posted 02 March 2006 - 06:01 PM

Ok. Good and bad news. Good= Im in normal mode Bad= The only way I started mozilla is I hit ctrl alt delete and then went into RUN and ran mozilla. So I guess I can scan or whatever in normal its just that IE still isnt cooperating. Heres is the error message I get when startying in normal mode....."application failed to initiate properly(0xc0000022) click ok to terminate. Here is myExido log...or whatever its called. --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 4:30:12 PM, 3/2/2006 + Report-Checksum: 47FE233A + Scan result: HKLM\SOFTWARE\Classes\CLSID\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup HKU\S-1-5-21-2615556472-216287293-1840762581-500\Software\aurora -> Adware.BetterInternet : Cleaned with backup [1692] C:\WINDOWS\system32\ggdxrd.exe -> Trojan.Agent.ay : Cleaned with backup C:\Documents and Settings\Administrator\Cookies\administrator@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup C:\Documents and Settings\Administrator\Cookies\administrator@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060127103833.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060129184815.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060129191147.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060130083240.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060130084343.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060130102958.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : Cleaned with backup C:\Program Files\TBONAS\TBONlchr.dll -> Adware.ActivShopper : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP707\A0035687.dll -> Dialer.InstantAccess.e : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP713\A0036130.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP715\A0036222.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP716\A0036227.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP716\A0036241.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP716\A0036261.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067571.dll -> Adware.ActivShopper : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067573.exe -> Trojan.Stervis.e : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067575.dll -> Adware.NaviPromo : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067576.dll -> Adware.NaviPromo : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067577.dll -> Dialer.InstantAccess.e : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067578.exe -> Adware.NaviPromo : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP718\A0067610.exe -> Trojan.Stervis.e : Cleaned with backup C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\SYSTEM32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\SYSTEM32\hfebqlvc.exe -> Adware.NaviPromo : Cleaned with backup ::Report End Im gonna run a HJT log on normal mode....ill brb to post it.

Advertisements

Register to Remove

#11 homer5ive

Authentic Member

Authentic Member
69 posts

Posted 02 March 2006 - 06:04 PM

Ok heres the HJT log. Again, I have to Ctrl-Alt-Del then go to run tasks and then run things from there. I cant run IE at all.

Logfile of HijackThis v1.99.1
Scan saved at 4:58:29 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125961603\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downl...ESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downl...9_ASPIV4_XP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downl...ESS_1070_XP.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141082259640
O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downl...1_ASPIV4_XP.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downl...ESS_1068_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downl...ESS_1069_XP.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#12 homer5ive

Authentic Member

Authentic Member
69 posts

Posted 02 March 2006 - 06:07 PM

Also I just thought of this if this is any help. I can re scan everything you just told me to do in normal mode but ill hvae to do it the hard way, unless everything is fine so far.

#13 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 02 March 2006 - 06:13 PM

Close all windows and browsers.
Open HijackThis

Click on Open Misc Tools
Click on Delete a File On Reboot
Click once on the file below to select it:
C:\WINDOWS\Nail.exe

Click on the Back button to exit Process Manager

Repeat the above for this one also:
c:\program files\mailskinner\mailskinner.exe

Now, back at the main screen of HijackThis, proceed to Scan.
and put a check by these.

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"

Delete this folder:
c:\program files\mailskinner

Reboot and post a new HJT log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#14 homer5ive

Authentic Member

Authentic Member
69 posts

Posted 02 March 2006 - 06:33 PM

Ok did everything you told me to do and still no IE and got same error message

Logfile of HijackThis v1.99.1
Scan saved at 5:28:27 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\87984ff3f5f258c3fb76f77aed6cd4ee\update\update.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125961603\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downl...ESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downl...9_ASPIV4_XP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downl...ESS_1070_XP.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141082259640
O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downl...1_ASPIV4_XP.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downl...ESS_1068_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downl...svc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downl...ESS_1069_XP.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#15 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 02 March 2006 - 06:44 PM

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please do not delete anything unless instructed to.

Use Add/Remove Programs and remove: If listed.
MailSkinner
AdwareAlert

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe

O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downl...ESS_1071_XP.cab

O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downl...9_ASPIV4_XP.cab

O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downl...ESS_1070_XP.cab

O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downl...1_ASPIV4_XP.cab

O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downl...ESS_1068_XP.cab

O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downl...svc32_EN_XP.cab

O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downl...ESS_1069_XP.cab

Close ALL windows and browsers except HijackThis and click "Fix checked"

Delete these Files if listed:
C:\WINDOWS\dinst.exe

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

Body Background

skin color theme