Almost Clean


  • This topic is locked
28 replies to this topic

#16 little eagle

Posted 17 February 2006 - 06:32 AM

Click start > control panel > user accounts > change the way users log on or off > uncheck fast user switching > restart your computer.

Download, unzip and run 'RootkitRevealer' from Sysinternals:
http://www.sysintern...itRevealer.html
Once the program has started, press Scan and let it run.
When the scan is done, use 'File > Save' to place the logfile in a convenient location (such as the desktop). The default filename will be 'RootkitReveal.txt'.

Save your Log File
Copy/Paste the contents of that logfile into your next reply

Do NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc.!

That way you should have a much simpler and clearer log file in which to peruse and evaluate.


#17 landau

Posted 18 February 2006 - 08:58 AM

While RootkitReveal was running, it seems my Norton AntiVirus caught 3 viruses, from real-time protection when they were accessed, I am assuming. Let me know if I need to rescan with Norton turned off.

C:\DBASEIII\ AUTOEXEC.BAT 5/1/1662 8:31 AM 46 bytes Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\ BUMPPMT1.PRG 5/1/1662 8:31 AM 777 bytes Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\ CASHPRT.PRG 5/1/1662 8:31 AM 1.20 KB Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\ JEIN.PRG 5/1/1662 8:31 AM 3.38 KB Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\ RCMENUA.PRG 5/1/1662 8:31 AM 6.37 KB Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\ RCNEW2.DBF 5/1/1662 8:31 AM 798 bytes Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\ RCNEWFL.DBF 5/1/1662 8:31 AM 168 bytes Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\ RCYREPT.PRG 5/1/1662 8:31 AM 3.70 KB Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\ SALEGEAG.PRG 5/1/1662 8:31 AM 3.85 KB Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\ UPDTCOMP.PRG 5/1/1662 8:31 AM 777 bytes Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\ UPDTPART.PRG 5/1/1662 8:31 AM 559 bytes Visible in Windows API, but not in MFT or directory index.
C:\DBASEIII\AUTOEXEC.BAT 1/19/30030 6:45 AM 46 bytes Hidden from Windows API.
C:\DBASEIII\BUMPPMT1.PRG 1/19/30030 6:45 AM 777 bytes Hidden from Windows API.
C:\DBASEIII\CASHPRT.PRG 1/19/30030 6:45 AM 1.20 KB Hidden from Windows API.
C:\DBASEIII\JEIN.PRG 1/19/30030 6:45 AM 3.38 KB Hidden from Windows API.
C:\DBASEIII\RCMENUA.PRG 1/19/30030 6:45 AM 6.37 KB Hidden from Windows API.
C:\DBASEIII\RCNEW2.DBF 1/19/30030 6:45 AM 798 bytes Hidden from Windows API.
C:\DBASEIII\RCNEWFL.DBF 1/19/30030 6:45 AM 168 bytes Hidden from Windows API.
C:\DBASEIII\RCYREPT.PRG 1/19/30030 6:45 AM 3.70 KB Hidden from Windows API.
C:\DBASEIII\SALEGEAG.PRG 1/19/30030 6:45 AM 3.85 KB Hidden from Windows API.
C:\DBASEIII\UPDTCOMP.PRG 1/19/30030 6:45 AM 777 bytes Hidden from Windows API.
C:\DBASEIII\UPDTPART.PRG 1/19/30030 6:45 AM 559 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06D80000.VBN 2/17/2006 7:07 PM 123.76 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06D80001.VBN 2/17/2006 7:07 PM 12.76 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06D80002.VBN 2/17/2006 7:13 PM 222.82 KB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\1.Harlem's Nocturne_Alicia Keys_The Diary Of....wma 12/26/2005 12:44 PM 832.13 KB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\10.So Simple_Alicia Keys_The Diary Of....wma 12/26/2005 12:46 PM 1.78 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\11.When You Really Love Someone_Alicia Keys_The Diary Of....wma 12/26/2005 12:46 PM 1.94 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\12.Feeling U, Feeling Me (Interlude)_Alicia Keys_The Diary Of....wma 12/26/2005 12:46 PM 1016.95 KB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\13.Slow Down_Alicia Keys_The Diary Of....wma 12/26/2005 12:46 PM 2.00 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\14.Samsonite Man_Alicia Keys_The Diary Of....wma 12/26/2005 12:46 PM 1.51 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\15.Nobody Not Really (Interlude)_Alicia Keys_The Diary Of....wma 12/26/2005 12:46 PM 1.82 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\2.Karma_Alicia Keys_The Diary Of....wma 12/26/2005 12:44 PM 1.99 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\3.Heartburn_Alicia Keys_The Diary Of....wma 12/26/2005 12:44 PM 1.61 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\4.If I Was Your Woman - Walk On By_Alicia Keys_The Diary Of....wma 12/26/2005 12:44 PM 1.45 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\5.You Don't Know My Name_Alicia Keys_The Diary Of....wma 12/26/2005 12:45 PM 2.84 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\6.If I Ain't Got You_Alicia Keys_The Diary Of....wma 12/26/2005 12:45 PM 1.78 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\7.Diary (feat. Tony! Toni! Tone!)_Alicia Keys_The Diary Of....wma 12/26/2005 12:45 PM 2.20 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\8.Dragon Days_Alicia Keys_The Diary Of....wma 12/26/2005 12:45 PM 2.14 MB Hidden from Windows API.
C:\Documents and Settings\Misha\My Documents\My Music\Alicia Keys\The Diary Of..\9.Wake Up_Alicia Keys_The Diary Of....wma 12/26/2005 12:45 PM 2.07 MB Hidden from Windows API.
C:\System Volume Information\_restore{4953BA42-E33A-4D45-B43C-17CBD5632C84}\RP102\A0023590.exe 5/1/2005 10:43 AM 120.17 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{4953BA42-E33A-4D45-B43C-17CBD5632C84}\RP102\A0023816.exe 11/23/2005 10:21 AM 9.17 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{4953BA42-E33A-4D45-B43C-17CBD5632C84}\RP66\A0010593.exe 8/4/2004 12:56 AM 219.23 KB Visible in Windows API, but not in MFT or directory index.

#18 little eagle

Posted 18 February 2006 - 11:39 AM

Download AproposFix by Swandog46
Save it to your desktop or to another folder of its own, but do NOT run it yet!

Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

Once in Safe Mode, double-click aproposfix.exe (which will give you a choice of where to unzip/install the program to). This is called the Destination folder in the window that pops up. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double click on RunThis.bat to run the fix. Follow the prompts.

When the tool is finished, reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file that has been created in the aproposfix folder.

#19 landau

Posted 18 February 2006 - 12:02 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:07:02 PM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://theweathernet...es/CAQC0363.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://theweathernet...es/CAQC0363.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138666896921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Client32 - Productive Computer Insight Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe


Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Misha\Desktop\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!

#20 little eagle

Posted 18 February 2006 - 12:47 PM

Download Ewido Security Suite; it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here.
With a new hijackthis log.

#21 landau

Posted 18 February 2006 - 06:14 PM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:18:14 PM, 2/18/2006
+ Report-Checksum: 6EB90275

+ Scan result:

C:\Documents and Settings\Misha\Cookies\misha@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignored
HKU\S-1-5-21-746137067-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16875E09-927B-4494-82BD-158A1CD46BA0} -> Downloader.Delf.vt : Cleaned with backup
HKU\S-1-5-21-746137067-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-21-746137067-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup
HKU\S-1-5-21-746137067-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-21-746137067-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup
HKU\S-1-5-21-746137067-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} -> Trojan.CWSMeup.b : Cleaned with backup
C:\Documents and Settings\Misha\Cookies\misha@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Misha\Cookies\misha@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Misha\Cookies\misha@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Misha\Cookies\misha@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Misha\Cookies\misha@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Misha\Cookies\misha@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Misha\Cookies\misha@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Misha\Cookies\misha@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Misha\Cookies\misha@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Misha\My Documents\Old computer\Documents and Settings\Saku\Cookies\saku@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Misha\My Documents\Old computer\Documents and Settings\Saku\Desktop\Fantasy_League_Manager_(FLM)_vD[1].19.zip/CORE2000.EXE -> Worm.Finaldo.a : Cleaned with backup
C:\Documents and Settings\Misha\My Documents\Old computer\Documents and Settings\Saku\Local Settings\Temporary Internet Files\Content.IE5\6YTX4KC1\Fantasy_League_Manager_(FLM)_vD[1].19.zip/CORE2000.EXE -> Worm.Finaldo.a : Cleaned with backup
C:\WINDOWS\adsldpbf.dll -> Downloader.Delf.aeo : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 7:19:08 PM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://theweathernet...es/CAQC0363.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://theweathernet...es/CAQC0363.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138666896921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Client32 - Productive Computer Insight Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

#22 little eagle

Posted 18 February 2006 - 08:21 PM

Close all programs leaving only HijackThis running. Place a check against each of the following,
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)


Click on Fix Checked when finished and exit HijackThis.

Log looks clean. How is the computer running?

#23 landau

Posted 19 February 2006 - 09:58 AM

Everything is good, except I STILL get WinFixer pop-ups every day! I guess I have to live with it? Thx.

#24 little eagle

Posted 20 February 2006 - 08:33 AM

Let us try this: download WebRoot SpySweeper from HERE (It's a 2 week trial):
Click the Free Trial link under "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
Please UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

#25 landau

Posted 20 February 2006 - 11:11 AM

Found Adware: precisiontime 12:01 PM: precisiontimewebsite.url (ID = 61569) 12:01 PM: button_switch[1].bmp (ID = 62260) 12:01 PM: Found System Monitor: potentially rootkit-masked files 12:01 PM: 1.harlem's nocturne_alicia keys_the diary of....wma (ID = 0) 12:01 PM: 8.dragon days_alicia keys_the diary of....wma (ID = 0) 12:01 PM: 15.nobody not really (interlude)_alicia keys_the diary of....wma (ID = 0) 12:01 PM: 9.wake up_alicia keys_the diary of....wma (ID = 0) 12:01 PM: 5.you don't know my name_alicia keys_the diary of....wma (ID = 0) 12:01 PM: 6.if i ain't got you_alicia keys_the diary of....wma (ID = 0) 12:01 PM: 12.feeling u, feeling me (interlude)_alicia keys_the diary of....wma (ID = 0) 12:01 PM: 10.so simple_alicia keys_the diary of....wma (ID = 0) 12:01 PM: 3.heartburn_alicia keys_the diary of....wma (ID = 0) 12:02 PM: 14.samsonite man_alicia keys_the diary of....wma (ID = 0) 12:02 PM: 7.diary (feat. tony! toni! tone!)_alicia keys_the diary of....wma (ID = 0) 12:02 PM: 13.slow down_alicia keys_the diary of....wma (ID = 0) 12:02 PM: 11.when you really love someone_alicia keys_the diary of....wma (ID = 0) 12:02 PM: 4.if i was your woman - walk on by_alicia keys_the diary of....wma (ID = 0) 12:02 PM: 2.karma_alicia keys_the diary of....wma (ID = 0) 12:05 PM: File Sweep Complete, Elapsed Time: 00:41:09 12:05 PM: Full Sweep has completed. Elapsed time 00:43:57 12:05 PM: Traces Found: 314 12:12 PM: Removal process initiated 12:12 PM: Quarantining All Traces: 180search assistant/zango 12:12 PM: Quarantining All Traces: clearsearch 12:12 PM: Quarantining All Traces: cws-aboutblank 12:12 PM: Quarantining All Traces: ist istbar 12:12 PM: Quarantining All Traces: potentially rootkit-masked files 12:14 PM: potentially rootkit-masked files is in use. It will be removed on reboot. 12:14 PM: 1.harlem's nocturne_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 8.dragon days_alicia keys_the diary of....wma is in use. 
It will be removed on reboot. 12:14 PM: 15.nobody not really (interlude)_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 9.wake up_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 5.you don't know my name_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 6.if i ain't got you_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 12.feeling u, feeling me (interlude)_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 10.so simple_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 3.heartburn_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 14.samsonite man_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 7.diary (feat. tony! toni! tone!)_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 13.slow down_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 11.when you really love someone_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 4.if i was your woman - walk on by_alicia keys_the diary of....wma is in use. It will be removed on reboot. 12:14 PM: 2.karma_alicia keys_the diary of....wma is in use. It will be removed on reboot. 
12:14 PM: Quarantining All Traces: cws_tiny0 12:14 PM: Quarantining All Traces: easyerror 12:14 PM: Quarantining All Traces: trojan-downloader-2pursuit 12:14 PM: Quarantining All Traces: winad 12:14 PM: Quarantining All Traces: exact cashback/bargain buddy 12:14 PM: Quarantining All Traces: hot as hell 12:14 PM: Quarantining All Traces: ist powerscan 12:14 PM: Quarantining All Traces: ist surf accuracy 12:14 PM: Quarantining All Traces: ist yoursitebar 12:14 PM: Quarantining All Traces: security iguard 12:14 PM: Quarantining All Traces: teenxxx (tinybar) 12:14 PM: Quarantining All Traces: 247realmedia cookie 12:14 PM: Quarantining All Traces: adserver cookie 12:14 PM: Quarantining All Traces: burstbeacon cookie 12:14 PM: Quarantining All Traces: burstnet cookie 12:14 PM: Quarantining All Traces: gain - common components 12:14 PM: Quarantining All Traces: go.com cookie 12:14 PM: Quarantining All Traces: precisiontime 12:14 PM: Quarantining All Traces: realmedia cookie 12:14 PM: Quarantining All Traces: tacoda cookie 12:14 PM: Quarantining All Traces: tribalfusion cookie 12:14 PM: Quarantining All Traces: tripod cookie 12:14 PM: Quarantining All Traces: yieldmanager cookie 12:15 PM: Removal process completed. Elapsed time 00:02:25 ******** 11:18 AM: | Start of Session, Monday, February 20, 2006 | 11:18 AM: Spy Sweeper started 11:19 AM: Your spyware definitions have been updated. 11:21 AM: | End of Session, Monday, February 20, 2006 |



#26 little eagle


Posted 20 February 2006 - 11:58 AM

How is it running now? Any ads?

#27 landau


Posted 20 February 2006 - 03:07 PM

It's been a few hours now I guess, and.... so far so good!! :thumbup: I guess I'll see for sure by tonight or tomorrow. Thx again!

#28 little eagle


Posted 21 February 2006 - 12:33 AM

I'll keep this thread open for a few days; let me know.

#29 little eagle


Posted 10 March 2006 - 05:02 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
