1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

continual restarting and explorer popup

Discussion in 'Virus & Other Malware Removal' started by Scottp7, Jan 23, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Scottp7

    Scottp7 Thread Starter

    Joined:
    Apr 28, 2004
    Messages:
    20
    I was helped on this site about a year ago or longer and i'm hoping you can again. I use netscape and keep getting pop ups from Explorer. I run adaware and spybot search and pick up nothing. When I try to run a Norton scan the computer keeps rebooting before it can finish.

    I can surf and do everything on the computer pretty much normal, but even then the computer wil just reboot pretty frequently. The problem seems to be getting worse!!

    Can you help?

    Thanks

    Scott
     
  2. 2PInZ

    2PInZ

    Joined:
    May 22, 2005
    Messages:
    91
    hey you should download and post a Hijack This log. I found better instructions from a different thread, so here they are on how to do that.

    Hijack This is a simple program that takes a good look into your computer then creates a log of files, ec. and will let the folks here see if there is something that is causing problems on your computer... like the one's you've described. They are very qualified here and will advise you on how to clean it up after they've examined your log.

    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Scottp7

    Scottp7 Thread Starter

    Joined:
    Apr 28, 2004
    Messages:
    20
    Thanks, I ran Hijack and here is what I get if anyone can hlp it wold be aprreciated. My popups appear mostly when I first start nescape. Yet I still can't run a full scan as it reboots everyitme I try.



    Logfile of HijackThis v1.97.7
    Scan saved at 5:02:48 PM, on 23/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Updater.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\PopupDummy!\PopupDummy! 2.5.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RioMSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Scott\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com/to.php?ID1=0001&ID2=0001&ID3=00010001&ID4=0&ID5=0000000001
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - Default URLSearchHook is missing
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.canada.com/vancouver/"); (C:\Program Files\Netscape\Users\ebonvan\prefs.js)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL (file missing)
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [X6FMC6U] C:\WINDOWS\pheydpm.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: PopupDummy!.lnk = C:\Program Files\PopupDummy!\PopupDummy! 2.5.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You are using an old version of Hijack This. Get rid of the old one then do the following please:


    * Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Doubleclick on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  5. Scottp7

    Scottp7 Thread Starter

    Joined:
    Apr 28, 2004
    Messages:
    20
    Hey Flrman,

    Good to hear from you! I have done as requested and here is the post.

    Thanks for getting back to me.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:05:33 PM, on 24/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RioMSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Updater.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\PopupDummy!\PopupDummy! 2.5.EXE
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com/to.php?ID1=0001&ID2=0001&ID3=00010001&ID4=0&ID5=0000000001
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - Default URLSearchHook is missing
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.canada.com/vancouver/"); (C:\Program Files\Netscape\Users\ebonvan\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [X6FMC6U] C:\WINDOWS\pheydpm.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: PopupDummy!.lnk = C:\Program Files\PopupDummy!\PopupDummy! 2.5.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    *Download Cleanup from here
    • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    • Click the Options... button on the right.
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following (Make sure nothing else is checked!):
      • Empty Recycle Bins
      • Delete Cookies
      • Cleanup! All Users
      Click OK
    • DO NOT RUN IT YET


    * Download the trial version of Ewido Security Suite here.
    • Install ewido.
    • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido
    • It will prompt you to update click the OK button and it will go to the main screen
    • On the left side of the main screen click update
    • Click on Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.

    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Run Ewido:
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When the scan is finished, look at the bottom of the screen and click the Save report button.
    • Save the report to your desktop



    * Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once its done, close the program.


    * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    * Restart back into Windows normally now.


    * Come back here and post a new HijackThis log, as well as the log from the Ewido scan.
     
  7. Scottp7

    Scottp7 Thread Starter

    Joined:
    Apr 28, 2004
    Messages:
    20
    Hey Flrman,

    Here is the new Hjack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:02:09 PM, on 24/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RioMSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Updater.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\PopupDummy!\PopupDummy! 2.5.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R3 - Default URLSearchHook is missing
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.canada.com/vancouver/"); (C:\Program Files\Netscape\Users\ebonvan\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: BFGTOOLBAR - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [X6FMC6U] C:\WINDOWS\pheydpm.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: PopupDummy!.lnk = C:\Program Files\PopupDummy!\PopupDummy! 2.5.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



    ::Report End

    I will have to post the Ewido log as it says posting the two together is too long
     
  8. Scottp7

    Scottp7 Thread Starter

    Joined:
    Apr 28, 2004
    Messages:
    20
    Here is the Ewido log

    thanks

    And here is the Ewido log:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 7:50:58 PM, 24/01/2006
    + Report-Checksum: 66CEBA6B

    + Scan result:

    HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{69357D4E-BF4D-4651-91E9-52ECD45A0128} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{BBF122A7-8A4D-45B5-9E00-0F68BC87C904} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{CAE0999F-78C5-49DC-9F30-13142AAAABA4} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Common.Buttons\Clsid -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{234F09FB-FE89-4C6D-9203-31832FC051C3} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{365B9A54-E613-46E5-9DB1-4F91A9DE80BD} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{66C22569-F05C-4A70-A142-763B337E1002} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{7B8BD940-B1EF-460C-85A2-9ACAAF7F9303} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{99AA88D1-D9D3-410A-BE9E-044F94C183DA} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{F273D4EA-2025-4410-8408-251A0CD46BE7} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\MP.MediaPops -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\MP.MediaPops\CLSID -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\MP.MediaPops\CurVer -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\MP.MediaPops.1 -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\WToolsB.ResProtocol -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{37AC49E3-E906-4BD8-AE83-D0F7FB48FD17} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{B23B3ADD-84B1-414A-92B9-0CABE5A781F4} -> Spyware.IBIS : Cleaned with backup
    HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\WToolsB.ResProtocol\Clsid -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj.1 -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBSoft -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
    HKLM\SOFTWARE\PerfectNav\BHO -> Spyware.KeenValue : Cleaned with backup
    HKLM\SOFTWARE\PerfectNav\BHO\HomePage -> Spyware.KeenValue : Cleaned with backup
    HKLM\SOFTWARE\PerfectNav\BHO\RedirectURLS -> Spyware.KeenValue : Cleaned with backup
    HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\YourSiteBar\Historystring -> Spyware.ISTBar : Cleaned with backup
    HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc -> Spyware.WebSearch : Cleaned with backup
    HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc\Security -> Spyware.WebSearch : Cleaned with backup
    HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc\Enum -> Spyware.WebSearch : Cleaned with backup
    HKU\S-1-5-21-776561741-884357618-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-776561741-884357618-725345543-1003\Software\SerG -> Spyware.EZ-Finder : Cleaned with backup
    HKU\S-1-5-21-776561741-884357618-725345543-1003\Software\SerG\SearchBar -> Spyware.EZ-Finder : Cleaned with backup
    HKU\S-1-5-21-776561741-884357618-725345543-1003\Software\WinTools -> Spyware.WebSearch : Cleaned with backup
    HKU\S-1-5-21-776561741-884357618-725345543-1003\Software\WinTools\URLSearchHooks -> Spyware.WebSearch : Cleaned with backup
    C:\data -> Downloader.IstBar.nh : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Angela\Application Data\Mozilla\Profiles\ebonvan\hvvyv7aj.slt\Cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Angela\Application Data\Mozilla\Profiles\ebonvan\hvvyv7aj.slt\Cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Angela\Application Data\Mozilla\Profiles\ebonvan\hvvyv7aj.slt\Cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Angela\Application Data\Mozilla\Profiles\ebonvan\hvvyv7aj.slt\Cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Angela\Application Data\Mozilla\Profiles\ebonvan\hvvyv7aj.slt\Cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Angela\Application Data\Mozilla\Profiles\ebonvan\hvvyv7aj.slt\Cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Angela\Application Data\Mozilla\Profiles\ebonvan\hvvyv7aj.slt\Cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Angela\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Angela\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Angela\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Angela\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Angela\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Angela\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.128:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.135:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.143:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.144:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
    :mozilla.158:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
    :mozilla.160:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.170:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.172:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.173:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.174:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.175:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.176:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.177:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.179:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.188:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.195:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
    :mozilla.196:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
    :mozilla.199:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.200:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.202:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\locinvan\g5rr3xsp.slt\Cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    C:\Documents and Settings\Scott\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-155c9e85-79a76a8d.zip/binny/binny.class -> Trojan.Binny.a : Cleaned with backup
    C:\Documents and Settings\Scott\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-43e52e69.zip/Beyond.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup
    C:\Documents and Settings\Scott\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-43e52e69.zip/BlackBox.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup
    C:\Documents and Settings\Scott\My Documents\backup-20040501-075211-179.dll -> Spyware.MyWay : Cleaned with backup
    C:\Downloads\Bej2Setup_TryGames-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Downloads\BigKahunaReefSetup-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Downloads\ChessmasterChallenge-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Downloads\DinerDashSetup-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Downloads\orbz_trymedia_210-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Downloads\Scrabble_Setup-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Downloads\SolitaireMaster3-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Downloads\WinBejSetup-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup
    C:\Program Files\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
    C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
    C:\Program Files\MediaLoads\v1\ML.exe -> Spyware.DownloadWare : Cleaned with backup
    C:\Program Files\Netscape\Communicator\Program\Plugins\MyWayPluginProxy.class -> Spyware.MyWay : Cleaned with backup
    C:\Program Files\Netscape\Communicator\Program\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
    C:\Program Files\Netscape\Netscape 6\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
    C:\Program Files\PerfectNav -> Adware.PerfectNav : Cleaned with backup
    C:\Program Files\PerfectNav\BHO -> Adware.PerfectNav : Cleaned with backup
    C:\Program Files\PerfectNav\BHO\PerfectNav150.dll -> Adware.PerfectNav : Cleaned with backup
    C:\Program Files\Power Scan -> Spyware.PowerScan : Cleaned with backup
    C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup
    C:\Program Files\YourSiteBar -> Adware.YourSiteBar : Cleaned with backup
    C:\Program Files\YourSiteBar\imagemap_normal.bmp -> Adware.YourSiteBar : Cleaned with backup
    C:\Program Files\YourSiteBar\imagemap_over.bmp -> Adware.YourSiteBar : Cleaned with backup
    C:\Program Files\YourSiteBar\version.txt -> Adware.YourSiteBar : Cleaned with backup
    C:\Program Files\YourSiteBar\yoursitebar.xml -> Adware.YourSiteBar : Cleaned with backup
    C:\WINDOWS\NDNuninstall4_34.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup

    Thanks
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Before we can provide you any assistance, you need to go to here and install "Service Pack 1" This will patch numerous security holes in IE and Windows. Many baddies get on your machine by taking advantage of these vulnerabilities. As your machine stands now it is wide open to attack from all sorts of nasties. You need to get these updates before we proceed or we will be wasting our time.

    DO NOT install Service pack 2 yet. If you install SP 2 on an infected machine it will cause serious problems. Just get Service Pack 1 installed then come back here and post a new Hijack This log.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - continual restarting explorer
  1. dtall
    Replies:
    0
    Views:
    591
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/436513

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice