Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93100 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

(86)hijack this log(86)


  • This topic is locked This topic is locked
13 replies to this topic

#1 timboxcviii

timboxcviii

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 28 December 2005 - 06:56 PM

My computer runs sluggish and there are many processes in task manage that may not belong. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:52:49 PM, on 12/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\y69fzerg\y69fzerg.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\y69fzerg\58902127.exe
C:\Program Files\y69fzerg\y69fzerg.exe
C:\Program Files\WebRebates4\webrebates.exe
C:\Program Files\WebRebates4\w11150.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\tim hunsicker\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qxhezv.t.muxa.cc/s.php?aid=420 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://qxhezv.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://qxhezv.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {EA3798D3-69DC-47BD-8A10-C3C1D8C4A0EA} - C:\WINDOWS\System32\aagdcd.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [y69fzerg] C:\Program Files\y69fzerg\y69fzerg.exe
O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [irfw] C:\PROGRA~1\COMMON~1\irfw\irfwm.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...02b8bf1fcecd7ff
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O18 - Filter: text/html - {1E9B043E-826E-4CA9-9811-BFC5EF883F92} - C:\WINDOWS\System32\aagdcd.dll
O18 - Filter: text/plain - {1E9B043E-826E-4CA9-9811-BFC5EF883F92} - C:\WINDOWS\System32\aagdcd.dll
O19 - User stylesheet: C:\WINDOWS\system32\readme.txt
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
O20 - AppInit_DLLs: cpan.dll
O21 - SSODL: mNRzWY - {10F19A92-BA5B-3038-FCF1-EFC4520ED01B} - C:\WINDOWS\System32\zjf.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    Advertisements

Register to Remove


#2 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 09 January 2006 - 08:43 PM

Step # 1

Please download and run CWShredder. Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

http://www.majorgeek...7fd6b3ff02edc90

REBOOT

Step #2

Please download and run Spybot 1.4 & AdAware SE Then follow the instructions in the link below to run.

Spybot & Adaware Tutorial

REBOOT

Step # 3

Then do a virus scan here >>> Trend Micro

Step # 4

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3 timboxcviii

timboxcviii

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 12 January 2006 - 07:08 PM

Thank you for the help Siggyx. I am attempting your cleanup now. I am moving rather slow though on the downloading of the freeware. I have never had this much trouble downloading a program. I am running on a wireless network connection of 11.1Mbs, but right now I am downloading at 900 bytes per second. Can you help me in determining why I have such a slow rate of download. I will continue to download and run the steps. I will update again as I progress. Thanks again for the help! Tim

#4 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 12 January 2006 - 09:10 PM

Your system is full of trojans and spyware and that is the issue. If you dont have much luck with the downloads we can do some cleaning and try again to download.

#5 timboxcviii

timboxcviii

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 12 January 2006 - 10:06 PM

I have done the spybot and adaware cleaning and that seems to help some. I can load websites and other pages rather quickly, it just seems to be downloads that are very slow. I have been downloading ewido for over two hours. It is at 82% now. I will run this tomorrow and the other virus scan and let you know the results. thanks Tim

#6 timboxcviii

timboxcviii

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 15 January 2006 - 09:44 AM

siggyx,
I was finally able to download and run all of the steps you gave. Here are my updated logs.

I look forward to hearing from you soon.

Tim

Logfile of HijackThis v1.99.1
Scan saved at 10:39:33 AM, on 1/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\tim hunsicker\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qxhezv.t.muxa.cc/s.php?aid=420 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://qxhezv.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://qxhezv.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-0000-48BC-BF33-54672BA4EE73} - C:\Program Files\y69fzerg\y69fzerg.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [y69fzerg] C:\Program Files\y69fzerg\y69fzerg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [irfw] C:\PROGRA~1\COMMON~1\irfw\irfwm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O20 - AppInit_DLLs: cpan.dll
O21 - SSODL: mNRzWY - {10F19A92-BA5B-3038-FCF1-EFC4520ED01B} - C:\WINDOWS\System32\zjf.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe




ewido log:ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:35:22 AM, 1/15/2006
+ Report-Checksum: D31557AF

+ Scan result:

HKLM\SOFTWARE\Admilli Service -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{234F09FB-FE89-4C6D-9203-31832FC051C3} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{365B9A54-E613-46E5-9DB1-4F91A9DE80BD} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE} -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{618BE527-B7F5-417C-BC51-98FDC2D6DE61} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{66C22569-F05C-4A70-A142-763B337E1002} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7B8BD940-B1EF-460C-85A2-9ACAAF7F9303} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{99AA88D1-D9D3-410A-BE9E-044F94C183DA} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D1951679-1D52-43FC-9585-0737143585F5} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F273D4EA-2025-4410-8408-251A0CD46BE7} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\MP.MediaPops -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\MP.MediaPops\CLSID -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\MP.MediaPops\CurVer -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\MP.MediaPops.1 -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\WToolsB.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy\CLSID -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1} -> Spyware.NetworkEssentials : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B23B3ADD-84B1-414A-92B9-0CABE5A781F4} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAdCtlX.Installer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAdCtlX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinTaskAdX.Installer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinTaskAdX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Elitum -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Elitum\EliteToolBar -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKLM\SOFTWARE\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\WinTools -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\kydmzylki -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\nlibjhin -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\nlibx4m -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\nlibx4m\0f -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\nlibx4m\1v -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\nlibx4m\80 -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\nlibx4m\8v -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\nlibx4m\f8 -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools\nlibx4m\vg -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\localNRD -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\salm -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\WinTools -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-516116760-3508293876-2501954535-1006\Software\WinTools\URLSearchHooks -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Cookies\tim hunsicker@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Cookies\tim hunsicker@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Cookies\tim hunsicker@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Cookies\tim hunsicker@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Cookies\tim hunsicker@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Cookies\tim hunsicker@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Cookies\tim hunsicker@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Cookies\tim hunsicker@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Cookies\tim hunsicker@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Cookies\tim hunsicker@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Desktop\backups\backup-20051227-220159-381.dll -> Spyware.ClearSearch : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@banner.casinoking[2].txt -> Spyware.Cookie.Casinoking : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@banner.casinolasvegas[2].txt -> Spyware.Cookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@banner.goldenpalace[2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@banner.grandonline[2].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@casinoking[1].txt -> Spyware.Cookie.Casinoking : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@casinolasvegas[1].txt -> Spyware.Cookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@cityclub.gamingpromo[2].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@clickagents[1].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@commission-junction[2].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@data.coremetrics[2].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wfkionc5kdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wfl4klajwlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wfl4opc5chp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wflieocjwcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wfliqpajmfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wfloandjskq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjk4emdjecq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjk4gkdzcdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjkyeoczgbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjkysjajohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjl4ekc5adq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjl4glc5geo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjl4ujd5slo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjl4uocpcgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjliencjmgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjlokhajoep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjlyukdzebq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjmienazwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjmikhd5sao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjmycgczicp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjmysicjefp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjny-1ndpcb.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjnyemajkdo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjnyggdjwcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjnygic5mhq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjnygoczsfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@e-2dj6wjnyogdpoko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@ehg-guba.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@gamingpromo[1].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@grandonline[2].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@phg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@www.goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@www.grandonline[1].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\Cookies\tim hunsicker@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI1EA2.tmp\localNrd.cab/preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI1EA2.tmp\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI2D34.tmp\localNrd.cab/preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI2D34.tmp\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI394E.tmp\localNrd.cab/preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI394E.tmp\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI5C73.tmp\localNrd.cab/preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI5C73.tmp\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI63CF.tmp\localNrd.cab/preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI63CF.tmp\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI734E.tmp\localNrd.cab/preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI734E.tmp\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI747E.tmp\localNrd.cab/preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI747E.tmp\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI7EF6.tmp\localNrd.cab/preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\THI7EF6.tmp\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\upd48F.tmp/ME.dll -> Spyware.MediaPops : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\tim hunsicker\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Cleaned with backup
C:\Program Files\Altnet -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Altnet\My Altnet Shares -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Spyware.Altnet : Cleaned with backup
C:\Program Files\BearShare\Installer\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Common Files\irfw\irfwd\irfwc.dll -> Downloader.Small : Cleaned with backup
C:\Program Files\CxtPls -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\CxtPls\ace.dll -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\CxtPls\AI_23-03-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\CxtPls\AI_24-03-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\CxtPls\AI_25-03-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\CxtPls\AI_27-03-2005.log -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\CxtPls\atl.dll -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\CxtPls\data.bin -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\CxtPls\libexpat.dll -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\CxtPls\WinGenerics.dll -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\MediaLoads Enhanced\install.exe -> Spyware.Downloadware : Cleaned with backup
C:\Program Files\MediaLoads Enhanced\ME1.DLL -> Spyware.MediaPops : Cleaned with backup
C:\Program Files\MediaLoads Enhanced\ME2.DLL -> Spyware.MediaPops : Cleaned with backup
C:\Program Files\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Program Files\y69fzerg\1ftfaptp.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\y69fzerg\lhya5pqh.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\y69fzerg\oyiag0sq.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\y69fzerg\vjk0hkwc.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\y69fzerg\y69fzerg1\y69fzerg1.dll -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\y69fzerg\y69fzerg1\y69fzerg1.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1001\A0086632.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1001\A0086633.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1001\A0086635.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1001\A0086637.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1001\A0086683.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1001\A0086684.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1001\A0086699.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1001\A0086701.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1001\A0086702.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1003\A0087692.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1003\A0087694.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1003\A0087695.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1020\A0087962.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1020\A0087963.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1020\A0087975.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1020\A0087977.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1020\A0087978.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1021\A0088036.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1021\A0088037.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1034\A0089032.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1034\A0089034.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1034\A0089035.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1037\A0090048.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1037\A0090050.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1037\A0090051.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1049\A0090215.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1049\A0090217.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1049\A0090218.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1057\A0090352.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1057\A0090354.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1057\A0090355.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1057\A0090372.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1057\A0090374.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1057\A0090375.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1057\A0090384.exe -> Adware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1057\A0090385.dll -> Adware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1067\A0091637.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1067\A0091637.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1067\A0091637.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1067\A0091637.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1067\A0091637.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1067\A0091682.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1067\A0091691.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1067\A0091692.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1068\A0091714.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1068\A0091715.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1068\A0091769.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1068\A0091770.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1068\A0091779.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1068\A0091781.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1068\A0091782.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1069\A0091796.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1069\A0091813.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1069\A0091814.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1070\A0091820.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1070\A0091824.dll -> Spyware.ClearSearch : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\sys.reg -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\chktrust.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20040207-191029.backup -> Spyware.XmlMimeFilter : Cleaned with backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20040301-230415.backup -> Spyware.XmlMimeFilter : Cleaned with backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20040427-232433.backup -> Spyware.XmlMimeFilter : Cleaned with backup
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\zjf.dll -> Downloader.Agent.ce : Cleaned with backup
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\DMinfo2.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dminstall3.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup


::Report End


Thanks again for the help!

#7 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 15 January 2006 - 12:26 PM

:Download About Buster

1. Please download About:Buster from here: http://www.malwareby...AboutBuster.zip

2. Once it is downloaded extract it to c:\aboutbuster.

[*] Navigate to the c:\aboutbuster directory
[*] double-click on aboutbuster.exe
[*] When the tool opens press the OK button, then Start button, then the OK button
[*] then finally the Yes button. It will start scanning your computer for files.
[*] If it asks if you would like to do a second pass, allow it to do so.
[*] Post the log file in your next reply and a new hijackthis log please.

#8 timboxcviii

timboxcviii

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 16 January 2006 - 08:56 PM

I am starting to see major improvement, but am still having trouble downloading. Here are the latest logs.

Tim

Logfile of HijackThis v1.99.1
Scan saved at 9:54:42 PM, on 1/16/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BearShare.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\tim hunsicker\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qxhezv.t.muxa.cc/s.php?aid=420 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://qxhezv.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://qxhezv.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000000-0000-48BC-BF33-54672BA4EE73} - C:\Program Files\y69fzerg\y69fzerg.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [y69fzerg] C:\Program Files\y69fzerg\y69fzerg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [irfw] C:\PROGRA~1\COMMON~1\irfw\irfwm.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O20 - AppInit_DLLs: cpan.dll
O21 - SSODL: mNRzWY - {10F19A92-BA5B-3038-FCF1-EFC4520ED01B} - C:\WINDOWS\System32\zjf.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


AboutBuster 6.0
Scan started on [1/16/2006] at [9:48:24 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:51:53 PM

#9 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 16 January 2006 - 10:18 PM

Ok now lets try some manual cleaning

Scan with hijackthis and put a hceck beside these lines and choose FIX

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qxhezv.t.muxa.cc/s.php?aid=420 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://qxhezv.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://qxhezv.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {00000000-0000-48BC-BF33-54672BA4EE73} - C:\Program Files\y69fzerg\y69fzerg.dll (file missing)

O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [y69fzerg] C:\Program Files\y69fzerg\y69fzerg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [irfw] C:\PROGRA~1\COMMON~1\irfw\irfwm.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe

O20 - AppInit_DLLs: cpan.dll

O21 - SSODL: mNRzWY - {10F19A92-BA5B-3038-FCF1-EFC4520ED01B} - C:\WINDOWS\System32\zjf.dll (file missing)

Then reboot and a new log please.

#10 timboxcviii

timboxcviii

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 January 2006 - 09:20 PM

okay, here is the new log.

Tim

Logfile of HijackThis v1.99.1
Scan saved at 10:17:26 PM, on 1/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\tim hunsicker\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#11 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 17 January 2006 - 09:22 PM

Looks good, how is it running?

#12 timboxcviii

timboxcviii

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 19 January 2006 - 07:13 AM

It is running much faster, thanks! I haven't tried downloading anything since the ewido, etc. I want to try that and see if it is still slow. I will let you know. Again thanks for all your help, you guys do a great service! Tim

#13 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 19 January 2006 - 09:16 PM

This topic has been reopened by request of the starter of this topic. Or it has been moved to the correct forum

#14 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 19 January 2006 - 09:16 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users