Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Please Help ASAP: Trying to remove Morwill and Winfixers.


  • This topic is locked This topic is locked
22 replies to this topic

#1 Corpus

Corpus

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:My fiance, computers, and music.

Posted 18 February 2006 - 01:18 AM

Well I have been trying to remove these programs for awhile, and I am now getting more and more spyware and virus' added due to them being on my computer. I stumbled across this website in search for answers! YAY! I found them, but the post that I had found did not seem to relate exactly to what mine was. So I downloaded hijackthis and I do not know exactly how to use it, it is my first time using this program, and my Nortan Systemworks doesn't seem to be any help resolving alot of these issues. So here is my hijack this log. Please respond to this as soon as you can, I could really use the help.

Logfile of HijackThis v1.99.1
Scan saved at 2:05:14 AM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Um9u\command.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Ron\LOCALS~1\Temp\Rar$EX00.531\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...sario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ef6243a-eef8-4a55-adb0-d7db536867b7} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: (no name) - {5a15af88-ff01-4fae-887d-45f2e86595cd} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: (no name) - {5c0a3294-9cb0-4d45-8ad5-252500feb3e4} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - (no file)
O2 - BHO: Bho - {900CA02A-990F-4f0d-8E8E-28A3F82F08D8} - C:\WINDOWS\system32\dsbpaasq.dll
O2 - BHO: (no name) - {95d7ce24-d8de-4b9c-8235-ff48bcb71368} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yoqcry.exe reg_run
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9u\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Posted Image
A thousand eyes for an eye,
Vengence is mine.

    Advertisements

Register to Remove


#2 Corpus

Corpus

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:My fiance, computers, and music.

Posted 18 February 2006 - 02:25 PM

still looking for some assistance. thanks in advance.
Posted Image
A thousand eyes for an eye,
Vengence is mine.

#3 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 26 February 2006 - 06:59 AM

Hello Corpus, welcome to the forum. Sorry about the delay in responding :( If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#4 Corpus

Corpus

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:My fiance, computers, and music.

Posted 26 February 2006 - 11:38 AM

Thanks for the reply LD here is my new Hijack This Log. I hope you can help me get rid of this problem. It's become worse now, even more groups of pop-ups are happening. Some inscest site pop-ups bizshopping, etc.

Logfile of HijackThis v1.99.1
Scan saved at 12:36:51 PM, on 2/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Um9u\command.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ron\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...sario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ef6243a-eef8-4a55-adb0-d7db536867b7} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: (no name) - {5a15af88-ff01-4fae-887d-45f2e86595cd} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: (no name) - {5c0a3294-9cb0-4d45-8ad5-252500feb3e4} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - (no file)
O2 - BHO: Bho Class - {900CA02A-990F-4f0d-8E8E-28A3F82F08D8} - C:\WINDOWS\system32\dsbpaasq.dll
O2 - BHO: (no name) - {95d7ce24-d8de-4b9c-8235-ff48bcb71368} - C:\WINDOWS\system32\susgptml.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yoqcry.exe reg_run
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9u\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Posted Image
A thousand eyes for an eye,
Vengence is mine.

#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 26 February 2006 - 11:41 AM

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
The ewido security suite is now known as ewido anti-malware. If additional information is needed, click A Quick Guide.
  • Please download and install ewido anti-malware v3.5. If ewido finds something that you KNOW is legitimate (watch for alerts that have the word "Heuristic" in them - these may actually be false positives) select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido by double-clicking the "e" icon on your desktop.
  • The program will now go to the main screen.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click "Update".
    • Then click on "Start Update".
    • The update will begin and a progress bar will show the updates being installed. If you are having problems with the updater, click Update ewido.
    • After the update finishes, the status bar at the bottom will display "Update successful".
  • After the updates are installed, click on Scanner and select "Settings".
    • Under the bottom section "What to Scan?" select "Scan every file".
    • Select "OK" and you will return to scanning options.
  • Click on "Complete System Scan". This can take a while to complete so please be patient.
  • While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose "clean", then CHECK or UNCHECK "Perform action on all infections" and click "OK". Note: You will have to watch the scan all the way through and delete items manually.
  • After the scan has completed, ewido will create a report.
  • There will be a button located on the bottom of the screen named "Save report". Click "Save report" [to your desktop].
  • Exit ewido anti-malware when done.
  • Note: ewido is a free trial product for 14 days. Since ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days (which is the reason we uncheck them during installation). You can use ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan by clicking on “Update” and “Start Update”.
Please post the contents of C:\vundofix.txt, the ewido anti-malware log and a new HijackThis log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#6 Corpus

Corpus

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:My fiance, computers, and music.

Posted 26 February 2006 - 02:00 PM

Thanks again LD, here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 2:57:11 PM, on 2/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Um9u\command.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ron\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...sario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ef6243a-eef8-4a55-adb0-d7db536867b7} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: (no name) - {5a15af88-ff01-4fae-887d-45f2e86595cd} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: (no name) - {5c0a3294-9cb0-4d45-8ad5-252500feb3e4} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: (no name) - {95d7ce24-d8de-4b9c-8235-ff48bcb71368} - C:\WINDOWS\system32\susgptml.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yoqcry.exe reg_run
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9u\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


VundoFix V4.2.27
Scan started at 1:58:58 PM 2/26/2006

Listing files found while scanning....


C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.tmp
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.tmp
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini2
Attempting to delete C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mpqss.tmp
C:\WINDOWS\system32\mpqss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\mpqss.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:56:14 PM, 2/26/2006
+ Report-Checksum: A9170DE5

+ Scan result:

HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{900CA02A-990F-4f0d-8E8E-28A3F82F08D8} -> Hijacker.MorwillSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{900CA02A-990F-4f0d-8E8E-28A3F82F08D8} -> Hijacker.MorwillSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} -> Adware.Virtumonde : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{900CA02A-990F-4F0D-8E8E-28A3F82F08D8} -> Hijacker.MorwillSearch : Cleaned with backup
HKU\S-1-5-21-1292428093-706699826-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-1292428093-706699826-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} -> Adware.Virtumonde : Cleaned with backup
HKU\S-1-5-21-1292428093-706699826-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{900CA02A-990F-4F0D-8E8E-28A3F82F08D8} -> Hijacker.MorwillSearch : Cleaned with backup
HKU\S-1-5-21-1292428093-706699826-682003330-1004\Software\RX Toolbar -> Adware.RXToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} -> Adware.Virtumonde : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{900CA02A-990F-4F0D-8E8E-28A3F82F08D8} -> Hijacker.MorwillSearch : Cleaned with backup
[1808] C:\WINDOWS\Um9u\command.exe -> Adware.CommAd : Cleaned with backup
[1656] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Cleaned with backup
[220] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[144] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[396] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[412] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[448] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[540] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[560] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[564] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[760] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1432] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1180] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
[2912] C:\WINDOWS\Um9u\asappsrv.dll -> Adware.CommAd : Error during cleaning
C:\cygwid.exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0LY7KXEV\876057[1].exe -> Adware.Mirar : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0LY7KXEV\eeedo[1].exe/eee2.exe -> Adware.MediaMotor : Error during cleaning
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0LY7KXEV\htwfdr[1].exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0LY7KXEV\ibycgt[1].cab/titno.exe -> Adware.MDH : Error during cleaning
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0LY7KXEV\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDINS1AF\876029[1].exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDINS1AF\mtrslib2[1].js -> Downloader.Small.ag : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CXA7W5YZ\cygwid[1].exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CXA7W5YZ\kcash[1].exe -> Trojan.LowZones.dk : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CXA7W5YZ\surv3[1].exe -> Downloader.VB.vv : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CXA7W5YZ\titdric[1].cab/drwst.exe -> Adware.MDH : Error during cleaning
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\STE3GPA7\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfk4ahcjgdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfk4cmc5kcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfk4qiczsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfk4qkczwfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfk4ukcpeao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkieldpifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkiepczgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkikicjgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkioncjwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkiqhazkdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkiqhdzkdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkiqocjckp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkoepdzibp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkosgcpahp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkouidjeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfkycodzkaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfl4gidpigp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wflicmajoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfligjczelo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wflioodpagp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfliskcjmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wfloamcjwdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wflocgajgcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wgkield5gap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wgkoaoczogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wgkowmcjgfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wgkyuhajaho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjk4cld5wep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjk4eocjkcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjk4glc5gap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjk4khajeap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjk4kncjebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjk4qkd5gco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkoeiazmfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkoekazalo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkoekc5kao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkosjajsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkoskdpklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkougd5odo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkychd5mcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkyekajoeq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkyomazgfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkyooajmko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjkyundpkeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjl4cicpmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjl4ohcpoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjl4ojd5igo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjl4omcjgko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjliciazmeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjlieidzaaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjlikjczmfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjliugdjwcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjliuhd5maq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjlociazkhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjlockc5mep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjloclajeeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjlooocjkcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjlyalcpcfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjlygndpsco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjlykicpscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjmianajado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjmikkdjefo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjmiulczado.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjmiuoc5sep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjmyklcjcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjmyoiazkeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjmyoicjgkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjmysjdpweo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjny-1gajsf.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjny-1idzkg.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjny-1lcjek.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjny-1oajah.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjny-1sdzia.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjnyggajilp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjnyggajmlo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjnyqlajecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjnyqpazwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjnyupdzkfo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjnywocpodo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@e-2dj6wjnywoczmkp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@ehg-chicos.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@ehg-coastalcontacts.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@ehg-commjun.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@ehg-darden.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@ehg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@need2find[2].txt -> TrackingCookie.Need2find : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@www.cj[1].txt -> TrackingCookie.Cj : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Nikki\Cookies\nikki@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Ron\Cookies\ron@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Error during cleaning
C:\Documents and Settings\Ron\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Error during cleaning
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@ehg-comcast.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\Cookies\ron@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup
C:\kc.exe -> Trojan.LowZones.dk : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\WinSoftware\FCrXML.dll -> Adware.Winfixer : Cleaned with backup
C:\Program Files\INSTAFINK -> Adware.404Search : Cleaned with backup
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned with backup
C:\Program Files\RXToolBar\CacheCatolog.rx -> Adware.RXToolbar : Cleaned with backup
C:\RECYCLER\NPROTECT\00089989.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00089990.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090107.TXT -> TrackingCookie.Goclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00090286.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090290.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090291.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090292.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090295.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090301.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090303.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090304.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090309.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090311.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090313.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090316.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090317.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090318.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090323.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090324.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090325.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090326.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090328.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090329.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090332.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090334.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090338.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090339.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090341.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090342.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090346.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090347.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090349.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090350.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090352.TXT -> TrackingCookie.Questionmarket : Cleaned with backup
C:\RECYCLER\NPROTECT\00090353.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090357.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090358.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090359.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090363.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090364.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090367.TXT -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090368.TXT -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090369.TXT -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090370.TXT -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090380.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090381.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090382.TXT -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090383.TXT -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090384.TXT -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090385.TXT -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090393.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090394.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090395.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090396.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090397.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090398.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090399.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090400.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090401.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090402.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090403.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090409.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090410.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090411.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090412.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090416.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00090417.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00090418.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00090419.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00090425.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090426.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090427.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00090428.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00090429.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00090430.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00090433.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090434.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090435.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090438.TXT -> TrackingCookie.Adrevolver : Cleaned with backup
C:\RECYCLER\NPROTECT\00090441.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090445.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090446.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090447.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090448.TXT -> TrackingCookie.Adrevolver : Cleaned with backup
C:\RECYCLER\NPROTECT\00090451.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090452.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090454.TXT -> TrackingCookie.Adrevolver : Cleaned with backup
C:\RECYCLER\NPROTECT\00090457.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090458.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090459.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090460.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090461.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090462.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00090464.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00090465.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00090467.TXT -> TrackingCooki
Posted Image
A thousand eyes for an eye,
Vengence is mine.

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 26 February 2006 - 02:22 PM

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Use Add/Remove Programs and remove: If listed.
AdwareAlert



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {3ef6243a-eef8-4a55-adb0-d7db536867b7} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: (no name) - {5a15af88-ff01-4fae-887d-45f2e86595cd} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: (no name) - {5c0a3294-9cb0-4d45-8ad5-252500feb3e4} - C:\WINDOWS\system32\susgptml.dll
O2 - BHO: (no name) - {95d7ce24-d8de-4b9c-8235-ff48bcb71368} - C:\WINDOWS\system32\susgptml.dll

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yoqcry.exe reg_run
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop

O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
C:\WINDOWS\system32\yoqcry.exe
C:\WINDOWS\system32\ssqpm.dll



Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#8 Corpus

Corpus

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:My fiance, computers, and music.

Posted 26 February 2006 - 02:42 PM

Thanks alot LD the morwill search pop-ups are gone, however now my computer is lagging quite a bit on starting up, and it takes about 5 minutes to register that I have opened internet explorer, as well as my aol instant messenger and what not. Even when I opened Hijack This! it took some time to register, but once everything was done loading up it all runs and opens smoothly now without any lag. Here is my new Hijack This! log.

Logfile of HijackThis v1.99.1
Scan saved at 3:38:43 PM, on 2/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ron\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...sario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...sario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9u\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Posted Image
A thousand eyes for an eye,
Vengence is mine.

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 26 February 2006 - 02:56 PM

I suggest you do this:

Please do not delete anything unless instructed to.


Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find Command Service (cmdService)

Click once on the service to highlight it.

Click Stop

Right-Click on the service.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

The service is now stopped and disabled.

Do the same as above for this one:
Local Security Authority Subsystem Service (lsass)



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9u\command.exe (file missing)

O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"




Boot into Safe Mode.
Windows 2000, XP:
1. Restart the computer
2. Watch the screen while it is black. After the BIOS memory check is done, start tapping the F8 key. If done right, the Windows Advanced Options Menu will appear.
3. Select Safe Mode from the menu. Starting Windows in Safe Mode may take several minutes

I am going to have you remove these bogus services by doing the following:
Click Start-> Run and type cmd in the Open: line. Click OK.
* Type or paste in the following in bold: sc delete cmdService
* Hit Enter
* Type: Exit
* Hit Enter

Click Start-> Run and type cmd in the Open: line. Click OK.
* Type or paste in the following in bold: sc delete lsass
* Hit Enter
* Type: Exit
* Hit Enter

Delete these Files if listed only from these locations:
C:\WINDOWS\Um9u\command.exe
C:\WINDOWS\scvhost.exe

Delete this Folder:
C:\WINDOWS\Um9u


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#10 Corpus

Corpus

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:My fiance, computers, and music.

Posted 26 February 2006 - 03:02 PM

I don't seem to have those items in my hijack this scan that I just ran, I am about to do the safe mode options you have given me, but I thought I would post you my Hijack This log from this portion of the problem solving.

Logfile of HijackThis v1.99.1
Scan saved at 3:59:49 PM, on 2/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Ron\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...sario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...sario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

As you can see the services that you said i should fix are not in there. I shall finish what you suggested and repost again.
Posted Image
A thousand eyes for an eye,
Vengence is mine.

    Advertisements

Register to Remove


#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 26 February 2006 - 03:04 PM

If they're gone now, don't worry about what I just posted.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 26 February 2006 - 03:05 PM

Good Job :thumbup:

use Add/Remove Programs and remove Ewido. It's only a 14 day trial version.


Log looks good :D :thumbup: How is it running any issues?

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Click Start> My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab…]
This time select the: Restore Defaults
Select: Apply, and click OK




If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 Corpus

Corpus

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:My fiance, computers, and music.

Posted 26 February 2006 - 03:13 PM

Well I just finished and then got your post not to worry about it. Lol, it is still running a little laggy at the start-up but not as bad as before, here is my new hijack this log if you think anything else is wrong. I will do the system restore shut off. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 4:10:19 PM, on 2/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ron\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...sario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...sario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Posted Image
A thousand eyes for an eye,
Vengence is mine.

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 26 February 2006 - 03:14 PM

lets see if this will help speed it up.

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL



I recommend you download RegSeeker. Extract it to it's own folder, open and double click RegSeeker.exe to start the program. Maximize the window and click clean registry. Check all sections and click OK. When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again. Then right click within the search results and select delete. Run it again and again, deleting everything it finds until it finds nothing. Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc (basically just do a quick check of everything). In the event anything was 'broken', you can open RegSeeker, click backups and double click any/all files to put the information back. A reboot may be required for the effects to be seen. Reboot When done.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#15 Corpus

Corpus

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:My fiance, computers, and music.

Posted 26 February 2006 - 03:44 PM

Well, it is still lagging on opening programs and windows after start-up, start-up screen actually lagged this time. Another issue now is that RegSeeker will not open the backups. I had save backups before deletion and they aren't loading. :( What should I try now?
Posted Image
A thousand eyes for an eye,
Vengence is mine.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users