WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Still getting popups

Started by drjatalb , Nov 10 2005 09:21 PM

This topic is locked

15 replies to this topic

#1 drjatalb

New Member

New Member
7 posts

Posted 10 November 2005 - 09:21 PM

I have tried to get my system clean. I have run Adaware, Spybot, CleanUp, as well as looking at each entry in Autoruns and Process Explorer. I have compared processes running in safe mode vs normal mode. I am still getting unwanted popups with IE. I have deleted, disabled, and cleaned everything I can think of. It is driving me crazy. Here is my HJT log file. I would appreciate any help.

Logfile of HijackThis v1.99.1
Scan saved at 9:36:33 PM, on 11/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Sysinternals.com\Autoruns\autoruns.exe
C:\Program Files\Sysinternals.com\ProcessExplorer\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [certmgr] C:\WINDOWS\System32\certmgr.exe
O4 - Startup: AutoTBar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....ro64_loader.dll
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.co...006_regular.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c24.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Advertisements

Register to Remove

#2 pskelley

R.I.P Always in our hearts

Authentic Member
3,879 posts

Interests:Computers, fishing, biking, basketball, travel

Posted 14 November 2005 - 06:24 PM

Hello and welcome to TomCoyote forum. You still have some nasty stuff, and I usually start with Ad-aware and Spybot and wind up with CCleaner. Since you have the first two, use this link: http://tomcoyote.org/aawsb.php to make sure they are updated and configured as in the link. You also have a lot of HP clutter and I suggest you remove it. It is not making your browser run faster...lol. You can still set your homepage to anything you wish. Let's do this:

Look in your Add Remove programs, if SurfAccuracy is there, uninstall it.
http://www.symantec....rfaccuracy.html

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
(remove the following two restrictions if you don't want them)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.co...006_regular.cab
Trojan-Downloader.Win32.IstBar.hg
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c24.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run your cleaner, clean in all areas, then restart the computer and post a new HJT log along with your comments, tell me how it's running.

Thanks...pskelley
TomCoyote forum
Expert Member

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#3 drjatalb

New Member

New Member
7 posts

Posted 14 November 2005 - 11:28 PM

Thank you for your help. I have done what you asked. Here is a quick summary:

1. Went to the link you gave and followed the instructions for updating and configuring Spybot S&D 1.4. I ran it 4 times (once in safe mode) and deleted all the red items it found. It removed all but HKEY_LOCAL_MACHINE\SOFTWare\ISTbar.

2. Used the same link to update and configure AdAware SE Personal. I ran it once and removed all critical items it identified.

3. SurfAccuracy is no longer in the Add/Remove Programs list -- even though it keeps reappearing.

4. I ran HJT and checked (or unchecked) all the items you listed.

5. I ran CleanUp! 4.0 to clean up extra files.

6. I reran HJT and did a scan and save log. The log is posted below.

7. One question: you said that there is lots of HP clutter that I could remove. I would *love* to do that but don't know which things are extra and which things are required -- my system is an HP. Tell me what and how to remove it and I will!

8. I am still getting popups. Aaargghhh!! Even as I type this update message there are popups. I hate those things.

Here is the HJT scan log file

Logfile of HijackThis v1.99.1
Scan saved at 12:14:40 AM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [certmgr] C:\WINDOWS\System32\certmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....ro64_loader.dll
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

#4 pskelley

R.I.P Always in our hearts

Authentic Member
3,879 posts

Interests:Computers, fishing, biking, basketball, travel

Posted 15 November 2005 - 07:58 AM

You are welcome sir, to save time if I agree with your numbered comment, I will not respond.

7) The clutter was the R1/R0 items and you have already removed them. They are put there in the hopes you will use them and be able to see HP advertising. If you feel an overwhelming urge to see HP ads just go here: http://www.hp.com/

8) Please describe these popups telling me where they are directing you to. I need to know how often they are occuring. I would also like to know since you have the Google toolbar, do you have its popup blocker turned on? You can check that in IE > Options > Browsing > Popup Blocker.

I see nothing in the log, so whatever is causing the popups, unless you did not have the Google blocker activated, is hidden from us. The only item I see in the log that may be the culprint is this one:
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....ro64_loader.dll would you use HJT to remove that line. You will prompted to download the item again the next time you visit the site, once we have ruled it out as the source of the problem.

Let's allow ewido a look, it is best that you close all programs and windows while ewido is running. Make sure you save the scan report, it is very important I see that first log, then restart the computer and post the ewido scan report and a new HJT log.

Please download Ewido Security Suite it is a trial version of the program.

Install ewido security suite
Launch ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update
Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:

Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives.**
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.

Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Thanks...Phil

Edited by pskelley, 15 November 2005 - 07:59 AM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#5 drjatalb

New Member

New Member
7 posts

Posted 16 November 2005 - 06:56 AM

8) With regards to popups... I typically run Firefox and not IE. I have "Block popups" set in the Tools->Options panel. At the moment (while I am typing this message) there are 5 popup panels displayed. All I did was launch FireFox, go to my home page: www.myway.com; then go to TomCoyote.org and login -- I got 5 popups while doing just that. They are all advertisements usually running macromedia flashplayer. Here is a list of what they are (in the order that they poped up). And BTW, I didn't acknowledge or try to close the popups in any way -- I just ignored them and let them come up one after another.

A) Advertisement for Travelocity

Search Inqwire -something to do with music
C) Venus123 - can't tell if Search Inqwire brought this up or not. Looks mostly like dating stuff
D) The World's No. 1 Online Casino & Online Poker Room - 888.com
E) http://adchannel.con...N_US_Oct05.html -- an IQ test

9) I used HJT to remove the miniclip...BestFriends... item as you requested

10) I downloaded, installed, and ran the ewido security suite (I ignored everything it found for now). Here is the log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:12:27 AM, 11/16/2005
+ Report-Checksum: 467A322D

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Ignored
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Ignored
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Ignored
HKU\S-1-5-21-2830983197-1402316693-1564819534-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Ignored
HKU\S-1-5-21-2830983197-1402316693-1564819534-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Ignored
HKU\S-1-5-21-2830983197-1402316693-1564819534-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Ignored
:mozilla.9:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.10:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.11:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Doubleclick : Ignored
:mozilla.12:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.13:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.19:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Atdmt : Ignored
:mozilla.22:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.28:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.29:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.30:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.31:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.32:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.33:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Ignored
:mozilla.36:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Questionmarket : Ignored
:mozilla.37:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.39:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Revenue : Ignored
:mozilla.45:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.46:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.53:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Coremetrics : Ignored
:mozilla.54:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Overture : Ignored
:mozilla.55:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Overture : Ignored
:mozilla.56:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.57:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.61:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.63:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.66:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Ignored
:mozilla.13:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.14:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.15:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.16:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.17:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.18:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.19:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.20:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.21:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.22:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.23:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.24:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.25:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.26:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Doubleclick : Ignored
:mozilla.45:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.46:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.47:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.48:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.49:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.50:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.51:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.52:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.54:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.55:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.56:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.57:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.58:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.59:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.61:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Atdmt : Ignored
:mozilla.76:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Mediaplex : Ignored
:mozilla.83:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Questionmarket : Ignored
:mozilla.94:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.95:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.96:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.97:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.98:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.99:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.100:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.101:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.114:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.116:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.117:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Adtech : Ignored
:mozilla.118:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Adtech : Ignored
:mozilla.124:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.126:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.128:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Ignored
:mozilla.129:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.145:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.146:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.147:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.148:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.149:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.150:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.151:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.152:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.153:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.154:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.155:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.156:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.157:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Overture : Ignored
:mozilla.158:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.159:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Valueclick : Ignored
:mozilla.160:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Valueclick : Ignored
:mozilla.165:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.167:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Overture : Ignored
:mozilla.170:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.175:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.176:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.177:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.188:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.189:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.190:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.191:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.192:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.193:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.208:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Linksynergy : Ignored
:mozilla.209:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Linksynergy : Ignored
:mozilla.223:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.224:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.225:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.226:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.229:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.230:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.232:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Centrport : Ignored
:mozilla.233:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.242:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.247:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.252:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Sexlist : Ignored
:mozilla.272:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.284:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.285:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.287:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.301:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.311:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Coremetrics : Ignored
C:\Documents and Settings\Deborah\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Ignored
C:\Documents and Settings\Deborah\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Ignored
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Ignored
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Ignored
:mozilla.6:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.7:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.8:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.9:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.10:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.11:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.12:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.13:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.14:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.15:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.16:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.17:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.18:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.19:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.20:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.21:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.22:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.23:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.24:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.25:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.26:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.27:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.31:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Doubleclick : Ignored
:mozilla.32:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.33:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.34:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Atdmt : Ignored
:mozilla.35:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.36:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.37:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.38:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.39:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.43:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.45:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.49:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.50:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.51:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.52:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.53:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.54:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.55:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.56:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.57:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.58:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.59:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.60:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.61:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.62:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.63:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.64:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.65:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.66:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.67:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.68:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.69:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.70:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.81:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Mediaplex : Ignored
:mozilla.85:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.111:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Ignored
:mozilla.134:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.223:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Ignored
:mozilla.224:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Ignored
:mozilla.304:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.305:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.316:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.317:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Clickzs : Ignored
:mozilla.345:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.352:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.363:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.373:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.374:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.393:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Ignored
:mozilla.406:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.415:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Liveperson : Ignored
:mozilla.418:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Liveperson : Ignored
C:\Program Files\HijackThis\backups\backup-20051114-234455-735.dll -> Spyware.WinAD : Ignored

::Report End

11) Then I rebooted and reran HJT. Here is that scan:

Logfile of HijackThis v1.99.1
Scan saved at 7:44:11 AM, on 11/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [certmgr] C:\WINDOWS\System32\certmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

#6 pskelley

R.I.P Always in our hearts

Authentic Member
3,879 posts

Interests:Computers, fishing, biking, basketball, travel

Posted 16 November 2005 - 07:04 AM

For some reason you ignored all of the bad items ewido located? I looked at the list and everything it found is bad. Run ewido again and delete everything it locates. Then post a new ewido scan result and a new HJT log. We can't proceed until this is done. Thanks for the other feedback, I will wait for the new information before I comment on it. I will say that ewido identified many malware items that cause popups, using ewido to remove them may well fix your issues?
If you need a tutorial for ewido:
http://rstones12.gee.../ewidosetup.htm
Thanks...Phil

Edited by pskelley, 16 November 2005 - 08:23 AM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#7 drjatalb

New Member

New Member
7 posts

Posted 16 November 2005 - 09:16 PM

I reran ewido and cleaned everything up. The scan logs are posted below. I still got a popup just now when I launched Firefox and went to TomCoyote.org. This popup is: http://ad.firstadsol...QTAADspgAAL..... (bunch of letters)
Do you still see something that could be causing these popups? I am wondering if my FireFox is completely screwed and needs to be replaced. Whatever it is it is deeply rooted.

Here is the new ewido scan report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:00:33 PM, 11/16/2005
+ Report-Checksum: 93675630

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2830983197-1402316693-1564819534-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2830983197-1402316693-1564819534-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2830983197-1402316693-1564819534-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\bdtsfdps.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Deborah\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Deborah\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.415:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Robbie\Application Data\Mozilla\Firefox\Profiles\buq12yig.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20051114-234455-735.dll -> Spyware.WinAD : Cleaned with backup

::Report End

After running ewido I rebooted and ran HJT. Here is the HJT scan log:

Logfile of HijackThis v1.99.1
Scan saved at 10:02:37 PM, on 11/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [certmgr] C:\WINDOWS\System32\certmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

#8 pskelley

R.I.P Always in our hearts

Authentic Member
3,879 posts

Interests:Computers, fishing, biking, basketball, travel

Posted 17 November 2005 - 04:03 AM

First I wish to say I am doing my best to help you with your issue, I need a little patience from you. It is rare that this junk comes off as easily as it went on. For you information, this appears to be the item causing the problems, that is unless you have a rootkit infection.
Here is information about it: http://www.doxdesk.c...ite/ISTbar.html including manual removal if you are so inclined.
HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning

The ewido scan was unable to remove this piece of junk in normal mode, and option would be to try in safe mode. Before I go to that I want to give you some information about what we may be up against. At this point I do not think so, but you need to be informed:
http://www.pcsupport...om/rootkits.htm
http://www.ad-mkt-re...r/ai200412.html
http://www.symantec....rat.client.html

Symantec has a removal tool that may work, depends on how fast the hackers are and if Symantec is keeping their removal tool updated? Make sure you read the instruction carefully and follow them exactly.
http://securityrespo...valinstructions

If that works, great if not you may try this tool by Microsoft: http://www.microsoft...ve/default.mspx

I need to say that you need to take a serious look at where the junk is being stored on your computer, because much of it is in Firefox. http://privacy.getne...tools/firefox1/
http://www.mozilla.o..._priv_help.html

Let's see what happens with that information, for a check, run ewido to see if we can get a clean ewido log, post that for me.

Thanks...Phil

Edited by pskelley, 22 November 2005 - 05:32 PM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#9 drjatalb

New Member

New Member
7 posts

Posted 22 November 2005 - 02:11 PM

I will try your suggestions tonight. Sorry for the long delay since the last posting. I was away from home for a few days. BTW, I am going to go ahead and uninstall FireFox.

#10 pskelley

R.I.P Always in our hearts

Authentic Member
3,879 posts

Interests:Computers, fishing, biking, basketball, travel

Posted 22 November 2005 - 05:36 PM

I believe you did not understand me, there is nothing wrong with Firefox, I use it myself along with Internet Explorer. Getting rid of it would be like getting rid a car because of the driver

Edited by pskelley, 22 November 2005 - 05:37 PM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

Advertisements

Register to Remove

#11 drjatalb

New Member

New Member
7 posts

Posted 30 November 2005 - 06:17 AM

Here is what I have done based on your last recommendations:
1. I read all the links about ISTBar removal. I followed the manual removal steps as they applied. Nearly all of the directores, files, processes, registry entries, etc. that were discussed did not exist on my system so could not be removed. The only ISTBar items present on my system is one registry entry which I cannot delete -- ewido appears to have the same problem deleting it.
2. I read all the links on rootkits. Those are definitely bad.
3. I downloaded and ran the Symantec tool for ISTBar removal. It ran for about 10 minutes and then said "ISTBar is not present on your system".
4. I downloaded RootkitRevealer from sysinternals.com but have not been able to run it. I tried double clicking on it from Windows Explorer and it said that it can only be run from the console. I tried running it from a DOS command window and that failed the same way. Then I tried running it from Safe Mode and it said that it could not be run from Safe Mode. I read the available doc and don't know what else to try. Can you give me some instructions on how to run it?
5. I ran ewido in Safe Mode. It found 19 problems and was able to delete 16 of them. The other 3 are ISTBar items which cause errors when attempting to delete. I will attach the log below.
6. I downloaded and ran the Microsoft malwareremoval tool. It ran and said that my system did not have any of the problems that it knew about.
7. I ran HijackThis again and will attach the log below.
8. This morning I am not getting any popups. I have tried running both IE and FF and going to google and searching for things like "insurance quotes", "home theaters", "home loans" and I am not getting popups. That is a good thing, of course, but I don't trust it yet mostly because the steps above haven't really changed anything.

Here is the ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:06:54 AM, 11/30/2005
+ Report-Checksum: 89DB6805

+ Scan result:

HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
:mozilla.18:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\si2m8h2r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Deborah\Cookies\deborah@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\Deborah\Cookies\deborah@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@counter.hitslink[2].txt -> Spyware.Cookie.Hitslink : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned without backup

::Report End

Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 6:39:23 AM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [certmgr] C:\WINDOWS\System32\certmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BG - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BG.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: FLXJZXO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FLXJZXO.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

Thanks for your help.

#12 drjatalb

New Member

New Member
7 posts

Posted 30 November 2005 - 06:25 AM

I forgot to post the log from the Symantec ISTBar removal tool. Here it is: Symantec Adware.Istbar / Trojan.ISTsvc Removal Tool 1.1.0 registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1007\Software\Avenue Media (key deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1009\Software\Avenue Media (key deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1010\Software\Avenue Media (key deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1007\Software\IST (key deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1009\Software\IST (key deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1010\Software\IST (key deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1007\Software\Policies\Avenue Media (key deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping: {10E42047-DEB9-4535-A118-B3F6EC39B807} (value deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1009\Software\Microsoft\Internet Explorer\Extensions\CmdMapping: {10E42047-DEB9-4535-A118-B3F6EC39B807} (value deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1010\Software\Microsoft\Internet Explorer\Extensions\CmdMapping: {10E42047-DEB9-4535-A118-B3F6EC39B807} (value deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1007\Software\Microsoft\Internet Explorer\Main: BandRest (value deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1007\Software\Microsoft\Internet Explorer\URLSearchHooks: _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} (value deleted) registry: HKEY_USERS\S-1-5-21-2830983197-1402316693-1564819534-1007\SOFTWARE\PowerScan (key deleted) C:\Program Files\Audible\Admin: (not scanned) C:\System Volume Information: (not scanned) Adware.Istbar has not been found on your computer.

#13 pskelley

R.I.P Always in our hearts

Authentic Member
3,879 posts

Interests:Computers, fishing, biking, basketball, travel

Posted 30 November 2005 - 10:17 AM

Thanks for the feedback, I will only comment where it is necessary.

I downloaded RootkitRevealer from sysinternals.com but have not been able to run it

I provided that link just fyi. I will always state: download this and do this and supply directions for using a tool if I want you to do this. I do not know that you have a RK infection. We will rule out all else before we use that tool. You may leave it, if we do not use it uninstall it later. Thanks.

First here is some information to help you control those cookies:
http://www.mvps.org/...002/cookies.htm
http://www.microsoft...acy/config.mspx

Since these: HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
are in your registry and you will know them when you see them, let's do a good cleaning of the registry. Make sure you read and follow the directions carefully, especially the part about backing it up.

Backup Registry:
Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL

Download RegSeeker from here: http://www.hoverdesk.net/freeware.htm Extract it to it's own folder,
open and double click RegSeeker.exe to start the program.
Maximize the window and click clean registry. Check all sections and click OK.
When the scan is complete, verify the backup box in lower left corner is checked
and click the select all button, then select all again. Then right click within
the search results and select delete. Run it again and again, deleting everything
it finds until it finds nothing. Reboot and make sure your programs are working properly,
control panel and add/remove programs windows open, etc (basically just do a quick check of everything).
In the event anything was 'broken', you can open RegSeeker, click backups and double click
any/all files to put the information back. A reboot may be required for the effects to be seen.
Reboot When done.

Logfile of HijackThis v1.99.1 Scan saved at 6:39:23 AM, on 11/30/2005
There are a few items I am not familiar with but they check out as valid. I see Google, you do have the popup blocker in Google enabled? Many site will send a popup if you are not blocking.

There may be a few items not needed at startup, but we will save that until we know you are clean. Use this information to get fresh System Restore files in case anything bad is backed up in there:
When you are completely finished with the removal procedure and are satisfied that the threat has been removed follow these instructions:
http://service1.syma...src=sec_doc_nam

Symantec Adware.Istbar / Trojan.ISTsvc Removal Tool 1.1.0
I use their tools because it is usually much easier than a lot of fixes and they mean to help if they can. I think the program is gone but I wonder why thet tool removes stuff from the registry that other adware put there and not the 1st bar stuff?
C:\Program Files\Audible\Admin: (not scanned) <<< you can look in there to see if anything looks stange.C:\System Volume Information: (not scanned) <<< we are addressing this above.
Try what is suggested above, continue to monitor and make sure Google is blocking popups, drive it for a couple of days, then give me some feedback.

Thanks...Phil

Edited by pskelley, 30 November 2005 - 10:18 AM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#14 pskelley

R.I.P Always in our hearts

Authentic Member
3,879 posts

Interests:Computers, fishing, biking, basketball, travel

Posted 05 December 2005 - 07:20 AM

Hi, looking for some feedback on this, are your issues resolved? Thanks...Phil

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#15 pskelley

R.I.P Always in our hearts

Authentic Member
3,879 posts

Interests:Computers, fishing, biking, basketball, travel

Posted 08 December 2005 - 05:08 AM

No response...closing this topic.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html

Thanks...pskelley
TomCoyote forum
Expert Member
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

Body Background

skin color theme