
Slow Computer HJT Log


  • This topic is locked
10 replies to this topic

#1 Jro

  • New Member
  • 5 posts

Posted 17 November 2005 - 04:08 PM

Thanks in advance for your help!

Logfile of HijackThis v1.99.1
Scan saved at 4:06:10 PM, on 11/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Shutdownaware.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\cathy hall\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://memberservic...tPW.srf?lc=1033
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Shutdownaware] C:\WINDOWS\Shutdownaware.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldw...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldw...jo/wordmojo.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • 3,879 posts
  • Interests: Computers, fishing, biking, basketball, travel

Posted 20 November 2005 - 10:20 AM

Hello and welcome to TomCoyote forum. You have some other nasties that need to go but let's get rid of the hijacker New.Net first. There is always a slim possibility you downloaded New.Net on purpose, if so, stop and make me aware. Here is some recent news about this junk:
http://www.benedelma...s/100505-1.html
Use these instructions to get rid of it, it looks like this in your HJT log: O10 - Hijacked Internet access by New.Net
http://www.newdotnet.com/removal.html

Post a new HJT log and I will go after the other junk as soon as possible after you post. I want you to look at all of the junk in the R1/R0 area of your log. Click the links to see where they go. I would like to remove all of that clutter which is surely not making your browser run better. You can still set any home page you wish. Let me know along with the next log.

Thanks...pskelley
TomCoyote forum
Expert Member
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#3 Jro

  • New Member
  • 5 posts

Posted 28 November 2005 - 05:34 PM

Thanks for your help!

I ran CleanUp!, Spy Bot, and Ewido. Thought this fixed it, but it is still running slow.
Sorry my reply took so long, but this is my mother's computer, and have not been here to rerun HJT.

We can remove the stuff in R0/R1 if this will help!

Here is the latest log:

Logfile of HijackThis v1.99.1
Scan saved at 5:26:49 PM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Shutdownaware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\cathy hall\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://memberservic...tPW.srf?lc=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Shutdownaware] C:\WINDOWS\Shutdownaware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldw...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldw...jo/wordmojo.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by Jro, 28 November 2005 - 05:35 PM.
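Comparing the two HijackThis logs posted so far shows which entries the interim cleanup removed (the O10 New.Net lines are gone from the second log) and which entries are new. The following is an added example, not part of the original thread and not a HijackThis feature: a small log differ whose function names (`parse_entries`, `diff_logs`, `render`) are this example's own, run over abridged excerpts of the two logs above.

```python
import re
from collections import Counter, defaultdict

# A HijackThis entry starts with a section code (R0, O4, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Abridged excerpts of the two logs posted in this thread (17 and 28 November).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""


def parse_entries(log_text):
    """Return (counts, display) for the coded entries of one log.

    Header lines and the "Running processes" list carry no section code and
    are skipped. Keys are case-folded because Windows paths and registry
    names are case-insensitive; a Counter keeps duplicates such as the
    repeated O10 lines.
    """
    counts, display = Counter(), {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        key = (m.group("code"), m.group("body").casefold())
        counts[key] += 1
        display.setdefault(key, m.group("body"))  # keep original spelling
    return counts, display


def _group(counts, display):
    """Expand a Counter of keys into {section code: [entry bodies]}."""
    grouped = defaultdict(list)
    for key, n in counts.items():
        grouped[key[0]].extend([display[key]] * n)
    return dict(grouped)


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, grouped by section."""
    before, shown_before = parse_entries(before_text)
    after, shown_after = parse_entries(after_text)
    # Counter subtraction keeps only positive counts, so duplicates are exact.
    return _group(before - after, shown_before), _group(after - before, shown_after)


def section_key(code):
    """Sort codes in HijackThis order: R, F, N, O, then numerically."""
    return ("RFNO".index(code[0]), int(code[1:]))


def render(removed, added):
    """Format the diff as '-' (gone) and '+' (new) lines."""
    lines = []
    for mark, grouped in (("-", removed), ("+", added)):
        for code in sorted(grouped, key=section_key):
            lines += [f"{mark} {code} - {body}" for body in grouped[code]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(*diff_logs(LOG_BEFORE, LOG_AFTER)))
```

A changed value, such as the HKLM Search Bar URL here, shows up as one removed and one added line in the same section, which is worth reviewing before anything is checked for fixing.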


#4 pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • 3,879 posts
  • Interests: Computers, fishing, biking, basketball, travel

Posted 28 November 2005 - 06:30 PM

It's hard for me to help you like this. You ask me for help then go off and do what you want. Why bother me in the first place? I will give this one more try. The first thing I need to see is that ewido scan report. I do not need to see a new one, I need to see the first one run. Open the ewido folder and then the security suite folder. There is a folder there called "Reports". Open it and mouse over the scan reports until you find the FIRST scan report. Open it and copy/paste it to this thread. Do that before you start the other instructions.

This program is installed by AOL, usually without the owner's knowledge. At the very least it is a resource waster. I will remove it, if you wish to keep this junk, pass over it in the instructions.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

1) Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware is 1.06 and Spybot 1.04. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.

2) Microsoft AntiSpyware will stop our HJT fix, make sure you are offline then turn it off, turn it back on when you are finished before going back online.
Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824YYUS
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

3) Enable hidden files & folders; reverse the process when finished.
http://www.xtra.co.n...1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\Viewpoint\ >>> folder

C:\Windows\Prefetch\ >>> delete everything in this folder (NOT THE FOLDER)
Prefetch info: http://www.windowsne...refetch-XP.html

4) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

5) Use this tutorial: http://www.bleepingc...tutorial93.html Since you already downloaded CleanUp! start here: Configure CleanUp! Make sure it is properly configured, then clean with it. I need to know when your ewido trial period expires?

Post a new HJT log and the uninstall list along with any information you think I should have.

Thanks...pskelley
TomCoyote forum
Expert Member
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
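Added example (not part of the original post and not HijackThis code): a small Python parser that turns a fix list like the one in step 3 into a change record before "Fix Checked" is clicked, separating machine-wide entries (HKLM) from entries in the scanning user's own hive (HKCU), which have to be rechecked under each Windows account. The `example.invalid` URLs and the O23 line are constructed sample values, and treating O8 and unsuffixed O15 lines as HKCU entries is an assumption about HijackThis output.

```python
import re
from urllib.parse import urlsplit

# Section codes used in the fix list above and what each one covers.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O4": "autostart program",
    "O8": "IE right-click menu item",
    "O15": "IE Trusted Zone site",
}

_HIVE = r"(?P<hive>HK(?:CU|LM))"
PATTERNS = {
    # R0/R1:  HKxx\key\path,ValueName = data
    "R0": re.compile(_HIVE + r"\\(?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$"),
    # O4:     HKxx\..\Run: [Name] command line
    "O4": re.compile(_HIVE + r"\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<data>.+)$"),
    # O8:     Extra context menu item: Title - target
    "O8": re.compile(r"Extra context menu item: (?P<name>.+?) - (?P<data>\S+)$"),
    # O15:    Trusted Zone: domain [(HKLM)]
    "O15": re.compile(r"Trusted Zone: (?P<data>\S+)(?: \(" + _HIVE + r"\))?$"),
}
PATTERNS["R1"] = PATTERNS["R0"]
LINE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")


def parse_entry(line):
    """Return a dict describing one fix-list line, or None if it is not recognised."""
    m = LINE.match(line.strip())
    if not m or m["code"] not in PATTERNS:
        return None
    d = PATTERNS[m["code"]].match(m["body"])
    if not d:
        return None
    f = d.groupdict()
    # Assumption: lines that name no hive (O8, unsuffixed O15) belong to HKCU.
    hive = f.get("hive") or "HKCU"
    data = f["data"]
    return {
        "code": m["code"],
        "what": SECTIONS[m["code"]],
        "hive": hive,
        "scope": "all users" if hive == "HKLM" else "scanning user only",
        "name": f.get("name"),
        "data": data,
        "host": urlsplit(data).hostname if "://" in data else None,
    }


def audit(text):
    """Parse a pasted fix list and summarise what fixing it will change."""
    entries, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry:
            entries.append(entry)
        else:
            unparsed.append(line.strip())  # keep for manual review, never drop silently
    return {
        "entries": entries,
        "unparsed": unparsed,
        # HKCU entries are fixed only for the account that ran the scan.
        "per_user": [e for e in entries if e["hive"] == "HKCU"],
        "hosts": sorted({e["host"] for e in entries if e["host"]}),
    }


# Sample fix list: registry paths follow the post; example.invalid URLs and the
# O23 line are constructed for this example.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.example.invalid/q
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O8 - Extra context menu item: &Search - http://menu.example.invalid/menusearch.htm
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O23 - Service: Example Service - Unknown owner - C:\example.exe
"""

if __name__ == "__main__":
    report = audit(SAMPLE)
    for e in report["entries"]:
        print(f'{e["code"]:<4}{e["what"]:<26}{e["scope"]:<20}{e["name"] or "-"}: {e["data"]}')
    print("Hosts being reset or removed:", ", ".join(report["hosts"]))
    print("Recheck under every other account:", len(report["per_user"]), "entries")
    print("Not recognised, review by hand:", report["unparsed"])
```

Saving this output alongside the HijackThis backup gives a readable record of what was changed and which entries still need checking from the other user profiles on the machine.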

#5 Jro

Posted 29 November 2005 - 06:04 PM

Sorry. I had not heard anything from my post, and was not going to be back at her house for a while. The computer was basically unusable, so I tried to do what I could so she could use it. I posted the scan below, and will wait for you to respond with the go ahead to continue on with your instructions. Thanks for your help!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:53:28 PM, 11/19/2005
+ Report-Checksum: 7D874771

#6 pskelley

Posted 29 November 2005 - 06:51 PM

OK and thanks for the log, you did a good job with it. I want to give you some feedback on it but I need time to review the results. In the meantime, I would appreciate it if you would continue with the instructions I posted last and then post the new HJT log and any information I asked for and your comments about how the computer is doing now. Thanks...Phil

Edited by pskelley, 29 November 2005 - 06:52 PM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#7 pskelley

Posted 04 December 2005 - 09:09 AM

First, keep in mind I am discussing a scan report created on 11/19/05

ewido security suite - Scan report Created on: 9:53:28 PM, 11/19/2005
Seems you were able to remove everything ewido located, and most were cookies (though not all).
Everyone using the computer needs to review this information on how to control cookies in:

Internet Explorer:
http://www.mvps.org/...002/cookies.htm
http://www.microsoft...acy/config.mspx

Firefox:
http://www.mozilla.o..._priv_help.html

Lastly, I understand the holiday has slowed us down, but I am waiting on a new HJT log since: Nov 29 2005, 07:51 PM
If your issues are resolved and you no longer need this topic, I would appreciate a post letting me know to close it. If I do not hear from you I will close the topic in 48 hours.

Thanks...pskelley
TomCoyote forum
Expert Member

#8 Jro

Posted 06 December 2005 - 07:19 PM

The computer is still slow, but I have not had time to get back over to mother's house. I will definitely get there by this weekend. I will post as soon as I can.

#9 Jro

Posted 10 December 2005 - 09:10 AM

Sorry for the delay between posts. Here are the two logs, HJT first and uninstall second. The computer is still slow on the internet, and slow to start up. Can I use HJT to clean up some of the stuff that starts on boot (i.e. Event Planner, Kodak, etc.) or is there a better way to clean up startup? Right now her main complaint is not being able to play Cribbage on Yahoo games. It is slow. She has a cable modem, and the computer has not been this slow before.

Any advice would be appreciated.

Thanks, Johnny

Logfile of HijackThis v1.99.1
Scan saved at 9:25:28 PM, on 12/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Shutdownaware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\cathy hall\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Shutdownaware] C:\WINDOWS\Shutdownaware.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldw...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldw...jo/wordmojo.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




--------------------------------------------------------------------------------
Uninstall List

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
America Online
AOL Coach Version 1.0(Build:20020823.1)
AOL Instant Messenger
Bejeweled 2 Deluxe 1.0
BigFix
CC_ccProxyExt
ccCommon
CCHelp
ccPxyCore
CCScore
CheckIt Diagnostics
CleanUp!
CompuServe
Conexant SoftK56 Modem(M)
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
Event Planner
ewido security suite
Flip Words
Hallmark Card Studio 3 Deluxe
Halloween Screensaver
HiJaak Image Manager 1.5
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPSFO
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
ICQ
Intel® Extreme Graphics Driver
Internet Worm Protection
iPod Updater 2004-08-06
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Kodak EasyShare software
KSU
Legacy 4.0
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Money 2005
Microsoft Office 2000 Professional
Microsoft Works 6.0
Mozilla Firefox (1.0.6)
MSN Music Assistant
MSRedist
MSRedist
Musicmatch® Jukebox
Netscape 6 (6.2.1)
Norton AntiSpam
Norton AntiVirus 2005
Norton AntiVirus Parent MSI
Norton GoBack 4.0 (Symantec Corporation)
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall
Norton Personal Firewall 2005 (Symantec Corporation)
Norton SystemWorks
Norton SystemWorks 2005 (Symantec Corporation)
Norton Utilities
Norton WMI Update
Norton WMI Update
Norton WMI Update
Notifier
NSW_DRM_COLLECTION
OfotoNow
OfotoXMI
OTtBP
OTtBPSDK
overland
palette pts
PCDLNCH
PhotoShow Express
PowerDVD
QuickTime
RealArcade
RealPlayer
Realtek AC'97 Audio
Resume Workshop 1.000
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
SFR
SFR2
SPBBC
Spybot - Search & Destroy 1.4
STI-UMC600
Symantec Script Blocking Installer
SymNet
TaxCut 2004
TextPad 4.7
Typing Instructor
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
VCAMCEN
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
Winamp (remove only)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinWay Resume Deluxe
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

#10 pskelley

Posted 10 December 2005 - 10:10 AM

OK Johnny, this has been a long, drawn-out situation. Before I look at the log, let me first make a few comments. You need to understand I am here to help you remove malware from the computer. I can't make it run fast, and I can't make online games work better. Many online gaming sites are also dangerous, using the free games to attract folks so they can install junk on their computer. Once I am fairly sure we have removed the malware, I will have some suggestions that may or may not make the computer run faster. Malware is only one thing that can slow them down. Many of these games and other programs require more resources than the computer has. If maintenance is neglected, this can have an effect. I'll make some suggestions once I have looked at the information you have provided.

Uninstall List: I am looking for problems. You should use this list to help you decide what programs are not needed, and anything that is there you were not aware of, and do some cleanup. I have no idea how much space you have on the hard drive, but cleaning it up by removing unneeded programs and running the disk maintenance programs like scan disk and defrag will surely not hurt performance.

Adobe Acrobat 5.0: If you use it, it is a couple of versions out of date. Version 7 has been released.
ewido security suite: Once the trial is over (14 days) you can still update and use the scanner, but unless you own it, you should turn this program off because it does use many resources.
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02: Make sure Java is updated to the newest version and get rid of these old ones.
Viewpoint Manager (Remove Only)
Viewpoint Media Player: This is installed by AOL, usually without the owner's knowledge. At the very least it is a resource waster. I would uninstall it and delete the folder in C:\Program Files\ if you have not already done so.
I do not see anything that is malware that I know of; many of these I do not know. I would look at each item and ask her about them. If you are in doubt, use Google to research them and be careful not to remove any security programs or Microsoft updates/hotfixes.

Logfile of HijackThis v1.99.1 Scan saved at 9:25:28 PM, on 12/9/2005
C:\Program Files\ewido\security suite\ewidoctrl.exe <<< unless you own it, turn it off and disable it in Services. You can still update and scan manually.

C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Lots of resources here. I would turn these all off or uninstall them if they are not used.

If not mentioned above, see the links under the items:

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
http://castlecops.co...plist-1438.html
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
http://castlecops.co...plist-9038.html
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
http://castlecops.co...plist-6698.html
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
http://castlecops.co...plist-2113.html
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
http://castlecops.co...plist-6776.html
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
http://castlecops.co...qthb08_exe.html

I am not sure you need all of the O23 services running either. Leave security programs alone.
http://www.mvps.org/...02/services.htm
http://www.pcpitstop...ycheck/know.asp
http://vlaurie.com/c...s/runbetter.htm
http://www.linkgrind...rs_article.html
http://www.microsoft...acy/config.mspx

I would suggest a free diagnostic at: http://www.pcpitstop.com/ they will even help you understand the report here: http://pcpitstop.inv...php?showforum=6

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html

Thanks...pskelley
TomCoyote forum
Expert Member
If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.

Edited by pskelley, 10 December 2005 - 10:16 AM.


#11 pskelley

Posted 11 December 2005 - 07:26 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php