
ads345.com

Discussion in 'Virus & Other Malware Removal' started by Chelejohnson1, Aug 14, 2008.

  1. Chelejohnson1

    Chelejohnson1 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    11
    I have a problem with Internet Explorer. No matter what website I try to go to, it takes me to ads345.com.... I can't get anywhere on the internet... It will let me see my Comcast home page, but as soon as I try to go anywhere else it takes me back to ads345.com... I had someone tell me to reinstall Internet Explorer.. I installed Internet Explorer 7 and it did the same thing....


    Here is that log....
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:58:06 PM, on 8/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\documents and settings\michele johnson\local settings\temp\UhW.exe
    C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\documents and settings\michele johnson\local settings\temp\L0PRcNU0j.exe
    C:\windows\system32\jzuz.exe
    C:\windows\system32\DsHQa7.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\jzuz.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\?hkdsk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\palmOne\LifeDriveMgrTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\palmOne\PalmOneLiveConnect.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {0C3EBCE2-0E53-04FB-2C85-2287E8F4E9BE} - C:\WINDOWS\System32\llk.dll (file missing)
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Middadle\Clicks10017.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Sunkisk2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
    O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [xzyzjvp] C:\WINDOWS\System32\ozhpqga.exe
    O4 - HKLM\..\Run: [UhW] C:\documents and settings\michele johnson\local settings\temp\UhW.exe
    O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\UflSN7p.exe
    O4 - HKLM\..\Run: [zgzqj] C:\WINDOWS\zgzqj.exe
    O4 - HKLM\..\Run: [R4pKEFsI] C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
    O4 - HKLM\..\Run: [NTCACHEF] C:\WINDOWS\System32\NTCACHEF.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [033S35h] wupcp.exe
    O4 - HKLM\..\Run: [L0PRcNU0j] C:\documents and settings\michele johnson\local settings\temp\L0PRcNU0j.exe
    O4 - HKLM\..\Run: [LsbotYoKd] C:\documents and settings\michele johnson\local settings\temp\LsbotYoKd.exe
    O4 - HKLM\..\Run: [jzuz.exe] c:\windows\system32\jzuz.exe
    O4 - HKLM\..\Run: [DsHQa7] C:\windows\system32\DsHQa7.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [H0s2RRN6V] wsh3dmod.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe"
    O4 - HKCU\..\Run: [Eqg] C:\WINDOWS\System32\?hkdsk.exe
    O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/280281d11a9ccbe4ea05/netzip/RdxIE601.cab
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://files.stamps.com/download/us/cab/stamps/isr/stamps.cab?r=0.409881591796875&file=stamps.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    --
    End of file - 13122 bytes


    Please help
    chelejohnson1:eek:
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    Hiya and welcome to TSG :)

    Are you still having this problem? If so, can we see a fresh Hijackthis log please :)

    Regards

    eddie
     
  3. Chelejohnson1

    Chelejohnson1 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    11
    Here is the new one you requested.

    Thanks
    Michele

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:54:10 PM, on 8/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\documents and settings\michele johnson\local settings\temp\UhW.exe
    C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\documents and settings\michele johnson\local settings\temp\L0PRcNU0j.exe
    C:\windows\system32\DsHQa7.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\palmOne\LifeDriveMgrTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\palmOne\PalmOneLiveConnect.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {0C3EBCE2-0E53-04FB-2C85-2287E8F4E9BE} - C:\WINDOWS\System32\llk.dll (file missing)
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Michele Johnson\Local Settings\Temp\jXzBAG2e.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Sunkisk2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
    O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [xzyzjvp] C:\WINDOWS\System32\ozhpqga.exe
    O4 - HKLM\..\Run: [UhW] C:\documents and settings\michele johnson\local settings\temp\UhW.exe
    O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\UflSN7p.exe
    O4 - HKLM\..\Run: [zgzqj] C:\WINDOWS\zgzqj.exe
    O4 - HKLM\..\Run: [R4pKEFsI] C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
    O4 - HKLM\..\Run: [NTCACHEF] C:\WINDOWS\System32\NTCACHEF.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [033S35h] wupcp.exe
    O4 - HKLM\..\Run: [L0PRcNU0j] C:\documents and settings\michele johnson\local settings\temp\L0PRcNU0j.exe
    O4 - HKLM\..\Run: [DsHQa7] C:\windows\system32\DsHQa7.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [H0s2RRN6V] wsh3dmod.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    --
    End of file - 11797 bytes
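
Added example (editor's code, not part of any post in this thread): a Python triage pass over O2/O4 lines excerpted from the two HijackThis logs above. The three review heuristics and every function name are this example's own assumptions, not HijackThis features; a hit means "review this entry", not a verdict.

```python
import ntpath
import re

# Excerpts copied from the two HijackThis logs posted in this thread.
LOG_AUG14 = r"""
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Middadle\Clicks10017.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [UhW] C:\documents and settings\michele johnson\local settings\temp\UhW.exe
O4 - HKCU\..\Run: [Eqg] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
LOG_AUG18 = r"""
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Michele Johnson\Local Settings\Temp\jXzBAG2e.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [UhW] C:\documents and settings\michele johnson\local settings\temp\UhW.exe
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# Quoted command, or an unquoted path up to the first .exe/.dll (arguments dropped).
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll))(?=\s|$)', re.I)

# Assumption: names of core Windows XP processes that normally live in System32.
SYSTEM_NAMES = {"winlogon.exe", "lsass.exe", "services.exe",
                "svchost.exe", "smss.exe", "csrss.exe"}


def image_path(target):
    """Return the lower-cased file path from a log target, or None for '(no file)'."""
    target = target.strip()
    if target.endswith("(file missing)"):
        target = target[:-len("(file missing)")].strip()
    m = IMAGE_RE.match(target)
    return (m.group(1) or m.group(2)).lower() if m else None


def parse(log_text):
    """Parse O2 (BHO) and O4 (Run key) lines into dicts; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line) or RUN_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["kind"] = line.split(" - ", 1)[0]
            entry["image"] = image_path(entry["target"])
            entries.append(entry)
    return entries


def review_reasons(entry):
    """Heuristics (this example's assumptions) for entries worth a closer look."""
    img = entry["image"]
    if img is None:
        return []
    reasons = []
    if "\\temp\\" in img:
        reasons.append("loads from a Temp directory")
    # '?' is not a legal Windows file-name character, so the log
    # substituted it for a character it could not render.
    if "?" in ntpath.basename(img):
        reasons.append("file name has a character the log could not render")
    if (ntpath.basename(img) in SYSTEM_NAMES
            and ntpath.dirname(img) != r"c:\windows\system32"):
        reasons.append("system process name outside System32")
    return reasons


def flagged(log_text):
    """Map entry name -> reasons, for entries with at least one reason."""
    return {e["name"]: r for e in parse(log_text) if (r := review_reasons(e))}


def moved_bhos(old_log, new_log):
    """BHO CLSIDs present in both logs whose DLL path changed between scans."""
    def by_clsid(log):
        return {e["clsid"].upper(): e["image"]
                for e in parse(log) if e["kind"] == "O2"}
    old, new = by_clsid(old_log), by_clsid(new_log)
    return [(c, old[c], new[c])
            for c in sorted(old.keys() & new.keys()) if old[c] != new[c]]


if __name__ == "__main__":
    for name, reasons in flagged(LOG_AUG14).items():
        print(f"[{name}] {'; '.join(reasons)}")
    for clsid, before, after in moved_bhos(LOG_AUG14, LOG_AUG18):
        print(f"BHO {clsid} moved: {before} -> {after}")
```

The one BHO whose DLL path changed between the two scans is the CLSID that the Malwarebytes log later in this thread reports as Trojan.BHO.H.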
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    Please read this post completely. It may make it easier for you if you print, or copy and paste this post to a new text document for reference later.

    This will likely be a few-step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.


    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    Then in your next reply, post the contents of the MBAM and SAS logs, and a fresh HijackThis log :)

    eddie
     
  5. Chelejohnson1

    Chelejohnson1 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    11
    Both would not fit at the same time:/

    Malwarebytes' Anti-Malware 1.25
    Database version: 1062
    Windows 5.1.2600 Service Pack 2
    8:33:24 PM 8/19/2008
    mbam-log-08-19-2008 (20-33-24).txt
    Scan type: Quick Scan
    Objects scanned: 57344
    Time elapsed: 9 minute(s), 47 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 74
    Registry Values Infected: 7
    Registry Data Items Infected: 0
    Folders Infected: 18
    Files Infected: 74
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8eaeb34-f7b5-4c55-87ff-720faf53d841} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e8eaeb34-f7b5-4c55-87ff-720faf53d841} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asapenvelope.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asapmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asapmessage.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asapcom.asaprecipients.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{adb01e80-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea2-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea3-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\spamblockerconfig.application.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{00a6faf0-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions\spam blocker for ms outlook (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\SrchAstt\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michele Johnson\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully.
    Files Infected:
    C:\Documents and Settings\Michele Johnson\Local Settings\Temp\jXzBAG2e.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\Cache\00010838 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00594D82.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00594E7C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00594F38.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0078B9A3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\05504DAB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0A4484D1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0A448619.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0A4486D5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0A448790.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0A44883C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0A4488E8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0A448994.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\10872910.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\10872A87.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\10872B42.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\10872BEE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\10872CAA.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\10872D65.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\10872E11.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\10872EDC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\~ (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt\Cache\00024C61 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt\Cache\00024FEB (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Cache\1082FEE6.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00021C29.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0D0FF393.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0D106D08.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0D10C4CD.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\1080C6D8.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\1082FC94.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\108309D3.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\108A7126.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\2084B146.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\208634F8.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michele Johnson\Application Data\SpamBlocker\{F30FB4C7-F5E6-4A47-B5FD-725183D965FB}.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\f3pssavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michele Johnson\Local Settings\Temp\!update.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     
  6. Chelejohnson1

    Chelejohnson1 Thread Starter

    And:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 08/19/2008 at 08:54 PM
    Application Version : 4.15.1000
    Core Rules Database Version : 3541
    Trace Rules Database Version: 1530
    Scan type : Quick Scan
    Total Scan Time : 00:08:51
    Memory items scanned : 458
    Memory threats detected : 4
    Registry items scanned : 443
    Registry threats detected : 37
    File items scanned : 6755
    File threats detected : 122
    Adware.WildMedia/WinFetcher
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\UHW.EXE
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\UHW.EXE
    C:\WINDOWS\SYSTEM32\DSHQA7.EXE
    C:\WINDOWS\SYSTEM32\DSHQA7.EXE
    [UhW] C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\UHW.EXE
    [DsHQa7] C:\WINDOWS\SYSTEM32\DSHQA7.EXE
    C:\WINDOWS\Prefetch\DSHQA7.EXE-0162133E.pf
    C:\WINDOWS\Prefetch\UHW.EXE-08C5B020.pf
    Adware.WildMedia/Midaddle
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\L0PRCNU0J.EXE
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\L0PRCNU0J.EXE
    [L0PRcNU0j] C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\L0PRCNU0J.EXE
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\0GTF7DL.DLL
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\8TPZ5T.DLL
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\I.DLL
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\JDS0TU.DLL
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\KBA.DLL
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\LSBOTYOKD.EXE
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\MFIWDQXR.DLL
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\Y8UFYTX.DLL
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\OJUQNG.DLL
    C:\WINDOWS\Prefetch\L0PRCNU0J.EXE-0E44165C.pf
    C:\WINDOWS\Prefetch\LSBOTYOKD.EXE-163712F1.pf
    Adware.MyWebSearch
    C:\AVENGER\MWSOEMON.EXE
    C:\AVENGER\MWSOEMON.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\MYWEBSEARCH EMAIL PLUGIN.LNK
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\START MENU\PROGRAMS\STARTUP\MYWEBSEARCH EMAIL PLUGIN.LNK
    www.mx-targeting
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000607D-D204-42C7-8E46-216055BF9918}
    Adware.Lycos/SideSearch
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
    HKCR\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
    HKCR\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
    HKCR\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32
    HKCR\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32#ThreadingModel
    HKCR\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\ProgID
    HKCR\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\Programmable
    HKCR\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\TypeLib
    HKCR\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\VersionIndependentProgID
    C:\PROGRAM FILES\SEP\SEP.DLL
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
    HKCR\Sep.Band.1
    HKCR\Sep.Band.1\CLSID
    HKCR\Sep.Band
    HKCR\Sep.Band\CLSID
    HKCR\Sep.Band\CurVer
    HKCR\TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}
    HKCR\TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}\1.0
    HKCR\TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}\1.0\0
    HKCR\TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}\1.0\0\win32
    HKCR\TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}\1.0\FLAGS
    HKCR\TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}\1.0\HELPDIR
    ESyndicate BHO
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC378B83-9577-44D0-B4F8-0DD965E176FC}
    HKCR\CLSID\{CC378B83-9577-44D0-B4F8-0DD965E176FC}
    HKCR\CLSID\{CC378B83-9577-44D0-B4F8-0DD965E176FC}
    HKCR\CLSID\{CC378B83-9577-44D0-B4F8-0DD965E176FC}\InprocServer32
    HKCR\CLSID\{CC378B83-9577-44D0-B4F8-0DD965E176FC}\InprocServer32#ThreadingModel
    HKCR\CLSID\{CC378B83-9577-44D0-B4F8-0DD965E176FC}\ProgID
    HKCR\CLSID\{CC378B83-9577-44D0-B4F8-0DD965E176FC}\Programmable
    HKCR\CLSID\{CC378B83-9577-44D0-B4F8-0DD965E176FC}\TypeLib
    HKCR\CLSID\{CC378B83-9577-44D0-B4F8-0DD965E176FC}\VersionIndependentProgID
    C:\PROGRAM FILES\ESYNDICATE\ESYN.DLL
    Adware.Tracking Cookie
    C:\Documents and Settings\Michele Johnson\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michele Johnson\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michele Johnson\Cookies\michele_johnson@doubleclick[2].txt
    C:\Documents and Settings\Michele Johnson\Cookies\michele_johnson@overture[1].txt
    C:\Documents and Settings\Michele Johnson\Cookies\michele_johnson@revsci[1].txt
    C:\Documents and Settings\Michele Johnson\Cookies\[email protected][2].txt
    C:\Documents and Settings\Michele Johnson\Cookies\michele_johnson@mywebsearch[1].txt
    C:\Documents and Settings\Michele Johnson\Cookies\michele_johnson@atdmt[2].txt
    C:\Documents and Settings\Michele Johnson\Cookies\michele_johnson@zedo[1].txt
    C:\Documents and Settings\Michele Johnson\Cookies\[email protected][1].txt
    C:\Documents and Settings\Billy Johnson\Cookies\billy [email protected][1].txt
    C:\Documents and Settings\Billy Johnson\Cookies\billy johnson@mywebsearch[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@apmebf[2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@mywebsearch[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@mediaplex[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@smileycentral[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@advertising[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@maxserving[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@valueclick[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@casalemedia[2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@statcounter[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@adknowledge[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@qksrv[2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@atdmt[2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@xtracker[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@doubleclick[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@zedo[2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@fastclick[2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@questionmarket[1].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@realmedia[2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele carpenter@belnk[2].txt
    C:\Documents and Settings\Daniele Carpenter\Cookies\daniele [email protected][1].txt
    Adware.Apropos Media
    C:\WINDOWS\system32\auto_update_uninstall.log
    C:\DOCUMENTS AND SETTINGS\BILLY JOHNSON\LOCAL SETTINGS\TEMP\~APROPOS0\SYSAI.EXE
    C:\DOCUMENTS AND SETTINGS\BILLY JOHNSON\LOCAL SETTINGS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE
    Registry Cleaner Trial
    HKCR\Install.Install.1
    HKCR\Install.Install.1\CLSID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [  ]
    C:\Documents and Settings\Michele Johnson\Application Data\Registry Cleaner\RegClean.ini
    C:\Documents and Settings\Michele Johnson\Application Data\Registry Cleaner
    Adware.IEPlugin
    C:\WINDOWS\lu.dat
    Calling Home
    C:\DOCUMENTS AND SETTINGS\DANIELE CARPENTER\LOCAL SETTINGS\TEMP\POLMX3.EXE
    Adware.Lop
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\APPLICATION DATA\RPEN.EXE
    Adware.180solutions/Search Assistant
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\DELC6.TMP
    Adware.180solutions/ZangoSearch
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\DEL42.TMP
    eSyndicate Adware Installer
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\ESYNDICATEINST.EXE
    GLB32.TMP
    C:\DOCUMENTS AND SETTINGS\MICHELE JOHNSON\LOCAL SETTINGS\TEMP\GLB29.TMP
    Adware.ABetterInternet-Installer
    C:\WINDOWS\SYSTEM32\BIQ.EXE
    Adware.Spyware Labs
    C:\WINDOWS\SYSTEM32\BO2801040128.DLL
    Adware.Sandboxer (MemoryWatcher)
    C:\WINDOWS\SYSTEM32\GNY384F9.EXE
    Adware.ClickSpring
    C:\WINDOWS\SYSTEM32\?HKDSK.EXE
    Unknown Process (DBJYED.EXE)
    C:\WINDOWS\SYSTEM32\JZUZ.EXE
    C:\WINDOWS\Prefetch\JZUZ.EXE-0622A9FF.pf
    Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\WTSSVTR.EXE

    If it is any sign, I am using my once infected computer to send this message. How does everything look?

    Michele Johnson (y)
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    Can you post a fresh Hijack Log, as we may have more to remove :)
     
  8. Chelejohnson1

    Chelejohnson1 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    11
    Here is the log. I am able to go online but it will not let me log in to most of the sites I have tried. My AOL email account is the main one. It tells me the service is not available and to try later. But I use my cell phone and can access it. Other sites did the same thing. Myspace showed I was logged on but I could not go to my home page. There are several other sites also.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:04:07 PM, on 8/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Avenger\MWSOEMON.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\palmOne\LifeDriveMgrTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\palmOne\PalmOneLiveConnect.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {0C3EBCE2-0E53-04FB-2C85-2287E8F4E9BE} - C:\WINDOWS\System32\llk.dll (file missing)
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Sunkisk2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
    O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
    O4 - HKLM\..\Run: [xzyzjvp] C:\WINDOWS\System32\ozhpqga.exe
    O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\UflSN7p.exe
    O4 - HKLM\..\Run: [zgzqj] C:\WINDOWS\zgzqj.exe
    O4 - HKLM\..\Run: [R4pKEFsI] C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
    O4 - HKLM\..\Run: [NTCACHEF] C:\WINDOWS\System32\NTCACHEF.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [033S35h] wupcp.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [H0s2RRN6V] wsh3dmod.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    --
    End of file - 10673 bytes


    It's a little better but something's still not right. I did upgrade to Internet Explorer 7 before you started helping me. That is what someone suggested. Did I make a mistake with that?

    Thanks so much.
    Michele Johnson
     
  9. Chelejohnson1

    Chelejohnson1 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    11
    :rolleyes:

    I had changed the privacy level on Internet Explorer when I was working the other day. The password thing is solved. I feel stupid.

    Michele Johnson

    How does everything else look?
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    Okay, you still have some bad infections. As you have lowered your settings for passwords, I would be careful for the following reason:


    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

    THEN

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file path below to the clipboard by highlighting it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\WINDOWS\winlogon.exe
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Then

    Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link 1
    Link 2
    Link 3


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------

    Double click on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.


    Logs required : OTMoveit and Combofix
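
    An added example, not part of the post above or of any tool named in it: one way to triage the O4 autorun lines of a HijackThis log so that entries like the [ICQ Net] one stand out for review. The sample lines are copied from the log posted earlier in this thread; the function names, the expected-location table and the three review labels are assumptions of this example, and a label means "look at this entry", not "malicious".

```python
import ntpath
import re

# O4 autorun lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [R4pKEFsI] C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
O4 - HKLM\..\Run: [033S35h] wupcp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
"""

# Registry autoruns:  O4 - HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.+)$")
# Startup-folder shortcuts:  O4 - Startup: Name.lnk = target
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", re.I)

# Assumption: a hand-picked baseline of Windows XP process names and the only
# directory each is expected to start from, with the system root at C:\WINDOWS
# as in the posted log.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32, "lsass.exe": SYSTEM32,
    "smss.exe": SYSTEM32, "svchost.exe": SYSTEM32, "csrss.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "ctfmon.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}


def parse_o4(line):
    """Return (location, entry_name, command) for an O4 line, else None."""
    m = RUN_RE.match(line.strip()) or STARTUP_RE.match(line.strip())
    return m.groups() if m else None


def image_path(command):
    """Extract the executable path from a command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end]
    m = IMAGE_RE.match(command)
    return m.group(1) if m else command.split()[0]


def review_reasons(path):
    """Return the review labels that apply to one autorun image path."""
    norm = ntpath.normpath(path).lower()
    folder, name = ntpath.split(norm)
    reasons = []
    if not folder:
        # Bare file name: which file runs depends on the search path.
        reasons.append("no-path")
    elif name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
        # A system process name starting from somewhere other than its home.
        reasons.append("masquerade")
    if "\\temp\\" in norm:
        # Autorun pointing into a temporary directory.
        reasons.append("temp-dir")
    return reasons


def triage(log_text):
    """Return [(entry_name, image_path, reasons)] for entries worth reviewing."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if not parsed:
            continue
        _location, name, command = parsed
        path = image_path(command)
        reasons = review_reasons(path)
        if reasons:
            flagged.append((name, path, reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name:10} {', '.join(reasons):12} {path}")
```

    The "masquerade" label is what separates `C:\WINDOWS\winlogon.exe` from the genuine `C:\WINDOWS\system32\winlogon.exe` that appears under Running processes in the same log.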
     
  11. Chelejohnson1

    Chelejohnson1 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    11
    Here is the otmoveit2 response i got.

    File/Folder C:\WINDOWS\winlogon.exe not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08212008_182433


    Here is the combofix log:
    ComboFix 08-08-21.01 - Michele Johnson 2008-08-21 18:34:11.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.139 [GMT -5:00]
    Running from: C:\Documents and Settings\Michele Johnson\My Documents\ComboFix.exe
    * Created a new restore point
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Billy Johnson\Application Data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72012
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72072
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72097
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72748
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72846
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\73415
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\73948
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\74303
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\75045
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7518
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7521
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\75743
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\76119
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\76125
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7652
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\77468
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\78403
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\78600
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\78918
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\78920
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\79596
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\80201
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\80670
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\81504
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82098
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82106
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82292
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83216
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83706
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83733
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\84753
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\85449
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\85645
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86258
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86379
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86632
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87726
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87733
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87752
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\8941
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\89658
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90163
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90371
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91224
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91589
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\92886
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93899
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93913
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\94430
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95645
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95678
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95704
    C:\Documents and Settings\Billy Johnson\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95825
     
  12. Chelejohnson1

    C:\Documents and Settings\Billy Johnson\Local Settings\Temporary Internet Files\Tvm.log
    C:\Documents and Settings\Michele Johnson\Local Settings\Temporary Internet Files\Tvm.log
    C:\Redemption.ECF
    C:\WINDOWS\system32\uninstall.exe
    .
    ((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
    .
    2008-08-21 16:56 . 2008-08-21 16:56 <DIR> d-------- C:\_OTMoveIt
    2008-08-21 16:32 . 2008-08-21 16:32 <DIR> d-------- C:\WINDOWS\LastGood
    2008-08-19 21:42 . 2008-08-19 23:45 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-19 20:51 . 2008-05-01 09:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-19 20:50 . 2008-04-11 13:50 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-19 20:40 . 2008-08-19 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-19 20:39 . 2008-08-19 20:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-08-19 20:39 . 2008-08-19 20:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-19 20:39 . 2008-08-19 20:39 <DIR> d-------- C:\Documents and Settings\Michele Johnson\Application Data\SUPERAntiSpyware.com
    2008-08-19 20:21 . 2008-08-19 20:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-19 20:21 . 2008-08-19 20:21 <DIR> d-------- C:\Documents and Settings\Michele Johnson\Application Data\Malwarebytes
    2008-08-19 20:21 . 2008-08-19 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-19 20:21 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-19 20:21 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-14 17:57 . 2008-08-14 17:57 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-13 17:18 . 2008-06-23 11:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-08-13 17:18 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-08-13 17:18 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-08-13 17:18 . 2008-06-23 11:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-08-13 17:18 . 2008-06-23 11:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-08-13 17:18 . 2008-06-23 11:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-08-13 17:18 . 2008-06-23 11:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-08-13 17:18 . 2008-06-23 11:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-08-13 17:18 . 2008-06-23 04:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-10 17:28 . 2008-08-10 17:58 <DIR> d-------- C:\Program Files\RegistryFix7
    2008-07-28 00:58 . 2008-07-28 00:58 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-07-27 20:33 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-27 20:33 . 2008-05-08 07:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-07-27 20:29 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-27 20:29 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-07-27 20:29 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-27 20:29 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-20 02:02 --------- d-----w C:\Program Files\SEP
    2008-08-20 02:02 --------- d-----w C:\Program Files\eSyndicate
    2008-07-27 21:31 --------- d-----w C:\Program Files\BigFix
    2008-07-27 20:37 --------- d-----w C:\Program Files\Common Files\midaddle
    2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-16 03:20 --------- d-----w C:\Documents and Settings\Michele Johnson\Application Data\AdobeUM
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2005-02-12 20:27 28 ----a-w C:\Documents and Settings\Billy Johnson\Application Data\tvmcwrd.dll
    2005-02-11 04:31 34 ----a-w C:\Documents and Settings\Michele Johnson\Application Data\tvmcwrd.dll
    2006-03-31 22:03 475 --sh--w C:\WINDOWS\system32\jzuz.dll
    2005-01-11 14:13 401,408 --sh--r C:\WINDOWS\system32\?hkdsk.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 15:00 200704]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 13:30 70816]
    "Sunkisk2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-01-17 19:53 135168]
    "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 21:44 65536]
    "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-01-09 19:01 868352]
    "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 15:38 319488]
    "SunKistEM"="C:\Program Files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 18:18 135168]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-07-29 13:27 180269]
    "ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-12 12:24 106557]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 05:28 172032]
    "HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 23:53 49152]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-06 23:42 659456]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-20 23:17 155648]
    "CHotkey"="zHotkey.exe" [2003-06-03 14:01 496640 C:\WINDOWS\zHotkey.exe]
    C:\Documents and Settings\Michele Johnson\Start Menu\Programs\Startup\
    LifeDriveT Manager.lnk - C:\Program Files\palmOne\LifeDriveMgrTray.exe [2005-04-21 17:05:06 86016]
    MyWebSearch Email Plugin.lnk - C:\Avenger\MWSOEMON.EXE [2004-06-14 21:03:32 28672]
    palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2005-04-21 19:44:32 2355200]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-03-02 03:35:34 1742384]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 15:16:08 471040]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\digital imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
    MyWebSearch Email Plugin.lnk - C:\Avenger\MWSOEMON.EXE [2004-06-14 21:03:32 28672]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-09-04 22:12:38 118784]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\palmOne\\Hotsync.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    S3 faeda803-a173-4004-aa1d-85c3a0855a7e;faeda803-a173-4004-aa1d-85c3a0855a7e;D:\CDS300\cds300.dll []
    S3 SunkFilt92;Alcor Micro Corp - 9362;C:\WINDOWS\System32\Drivers\sunkfilt92.sys []
    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    2008-08-21 C:\WINDOWS\Tasks\HP Usg Daily FY04.job
    - C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-06 23:53]
    2008-01-19 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
    - C:\PROGRA~1\NORTON~1\Navw32.exe [2003-12-04 18:22]
    2004-06-09 C:\WINDOWS\Tasks\Symantec NetDetect.job
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-18 20:17]
    .
    - - - - ORPHANS REMOVED - - - -
    BHO-{0C3EBCE2-0E53-04FB-2C85-2287E8F4E9BE} - C:\WINDOWS\System32\llk.dll
    WebBrowser-{F3DF2532-A2CC-48D8-8643-A033AE4FC313} - (no file)
    HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKCU-Run-H0s2RRN6V - wsh3dmod.exe
    HKLM-Run-xzyzjvp - C:\WINDOWS\System32\ozhpqga.exe
    HKLM-Run-2N85L533MR#GJT - C:\WINDOWS\System32\UflSN7p.exe
    HKLM-Run-zgzqj - C:\WINDOWS\zgzqj.exe
    HKLM-Run-R4pKEFsI - C:\documents and settings\michele johnson\local settings\temp\R4pKEFsI.exe
    HKLM-Run-NTCACHEF - C:\WINDOWS\System32\NTCACHEF.exe
    HKLM-Run-033S35h - wupcp.exe

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.comcast.net
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.emachines.com/
    O8 -: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O18 -: Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-21 18:41:52
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2008-08-21 18:47:00
    ComboFix-quarantined-files.txt 2008-08-21 23:46:55
    Pre-Run: 107,290,640,384 bytes free
    Post-Run: 107,994,001,408 bytes free
    488 --- E O F --- 2008-08-21 06:30:07
     
  13. Chelejohnson1

    Chelejohnson1 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    11
    new hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:49:36 PM, on 8/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Avenger\MWSOEMON.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\palmOne\LifeDriveMgrTray.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\palmOne\PalmOneLiveConnect.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\CF19974.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Sunkisk2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    --
    End of file - 9449 bytes



    Michele johnson
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    That's looking a lot better, but there's still some stuff to remove.

    First of all, there is a file that I want checked out, as it helps us find new malware :)

    Please go to UploadMalware to upload a suspicious file for analysis.
    • Enter your username from this forum
    • Copy and paste the link to this thread
    • Browse for this filename: C:\WINDOWS\system32\jzuz.dll
    • In the comments, please mention that I asked you to upload this file
    • Click on Send File

    Let me know when it's been uploaded.

    In the meantime, do this:

    Re-open HiJackThis and choose "Do a system scan only". Check the boxes of all the entries listed below.

    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070


    Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please remove this entry from Add/Remove Programs in the Control Panel (if present):

    MyWebSearch

    Please delete this folder using Windows Explorer (if present):

    C:\Program Files\MyWebSearch\

    Reboot to Windows, and post a fresh Hijack Log
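
The entry-selection step in the post above, as an added example that is not part of the original thread: a small Python parser for HijackThis entry lines that picks out the MyWebSearch entries by keyword rather than by exact target path, since the log posted in this thread shows the shortcut target as C:\Avenger\MWSOEMON.EXE. The function names and the keyword list are assumptions made for illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Avenger\MWSOEMON.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Avenger\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")
# Suffixes HijackThis appends when an entry's target file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def select(entries, keywords):
    """Entries whose body contains any keyword, compared case-insensitively."""
    lowered = [k.lower() for k in keywords]
    return [e for e in entries if any(k in e[1].lower() for k in lowered)]


def orphaned(entries):
    """Entries that HijackThis itself marked as pointing at a missing file."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print("Entries to check before Fix Checked:")
    for code, body in select(entries, ["mywebsearch"]):
        print(f"  {code} - {body}")
    print("Marked missing by HijackThis (informational):")
    for code, body in orphaned(entries):
        print(f"  {code} - {body}")
```

The running-process line for C:\Avenger\MWSOEMON.EXE is not returned as an entry because it carries no section code; only the O4 and O8 lines are items HijackThis can fix.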
     
  15. Chelejohnson1

    Chelejohnson1 Thread Starter

    Joined:
    Aug 14, 2008
    Messages:
    11
    The file was sent.
     
Short URL to this thread: https://techguy.org/740164