1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

ishost problem

Discussion in 'Virus & Other Malware Removal' started by [email protected], Jul 30, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. angry247@comcast

    [email protected] Thread Starter

    Joined:
    Jul 30, 2006
    Messages:
    8
    I have doing some research about this and was "glad" to see that I am not the only one with this stupid thing. So I have run hijackthis and here is my logfile. I appreciate in advance anyone that can talk me thru this process.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:54:52 PM, on 7/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS2\System32\smss.exe
    C:\WINDOWS2\system32\winlogon.exe
    C:\WINDOWS2\system32\services.exe
    C:\WINDOWS2\system32\lsass.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS2\system32\LEXBCES.EXE
    C:\WINDOWS2\system32\spoolsv.exe
    C:\WINDOWS2\system32\LEXPPS.EXE
    C:\WINDOWS2\Explorer.EXE
    C:\WINDOWS2\System32\isnotify.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS2\System32\inetsrv\inetinfo.exe
    C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS2\System32\tcpsvcs.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: (no name) - {75CE9B00-5684-5466-777B-A4BCEF0BC5D8} - TRPT.dll (file missing)
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe
    O4 - HKLM\..\Run: [ActionScr] browsebar.exe
    O4 - HKLM\..\Run: [barint] LOPTCON.exe
    O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
    O4 - HKLM\..\Run: [dmheg.exe] C:\WINDOWS2\System32\dmheg.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\RunServices: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe
    O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
    O4 - HKCU\..\Run: [zxc] SYSTRAV.exe
    O4 - HKCU\..\Run: [SysEntry] ssweeper.exe
    O4 - HKCU\..\Run: [driver64] Serviceprocess.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154020372875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154020968500
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS2\Documents\Settings\artm_new.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
    O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - C:\WINDOWS2\System32\yephk.dll
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

    At the end of the fix, you may need to restart your computer again.

    Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.
     
  3. angry247@comcast

    [email protected] Thread Starter

    Joined:
    Jul 30, 2006
    Messages:
    8
    OK so here is the fixwareout logfile and a new hijackthis logfile:


    Fixwareout ver 1.003
    Last edited 07/1/2006
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    "dmheg.exe"=-
    ...

    PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Example ipsec6.exe is legitimate

    »»»»» Search by size and names...
    C:\WINDOWS2\SYSTEM32\IPSEC6.EXE

    »»»»» Misc files

    »»»»» Checking for older varients covered by the Rem3 tool

    »»»»»
    Search five digit cs, dm and jb files
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    C:\WINDOWS2\SYSTEM32\DMRML.EXE 44,131 2003-07-16
    Other suspects
    Directory of C:\WINDOWS2\system32
    {ECB745A9-D7FC-4400-A4BB-BD1B8DC02AD7}.exe



    Logfile of HijackThis v1.99.1
    Scan saved at 11:10:14 PM, on 7/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS2\System32\smss.exe
    C:\WINDOWS2\system32\winlogon.exe
    C:\WINDOWS2\system32\services.exe
    C:\WINDOWS2\system32\lsass.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\WINDOWS2\system32\LEXBCES.EXE
    C:\WINDOWS2\system32\spoolsv.exe
    C:\WINDOWS2\system32\LEXPPS.EXE
    C:\WINDOWS2\Explorer.EXE
    C:\WINDOWS2\System32\inetsrv\inetinfo.exe
    C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS2\System32\tcpsvcs.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS2\system32\NOTEPAD.EXE
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: (no name) - {75CE9B00-5684-5466-777B-A4BCEF0BC5D8} - TRPT.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe
    O4 - HKLM\..\Run: [ActionScr] browsebar.exe
    O4 - HKLM\..\Run: [barint] LOPTCON.exe
    O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\RunServices: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe
    O4 - HKCU\..\Run: [zxc] SYSTRAV.exe
    O4 - HKCU\..\Run: [SysEntry] ssweeper.exe
    O4 - HKCU\..\Run: [driver64] Serviceprocess.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154020372875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154020968500
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS2\Documents\Settings\artm_new.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
    O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - C:\WINDOWS2\System32\yephk.dll
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
     
  5. angry247@comcast

    [email protected] Thread Starter

    Joined:
    Jul 30, 2006
    Messages:
    8
    Ok Cheeseball, here are all of the result logs. Thanks for everything.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:41:49 PM, on 7/31/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS2\System32\smss.exe
    C:\WINDOWS2\system32\winlogon.exe
    C:\WINDOWS2\system32\services.exe
    C:\WINDOWS2\system32\lsass.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS2\system32\LEXBCES.EXE
    C:\WINDOWS2\system32\spoolsv.exe
    C:\WINDOWS2\system32\LEXPPS.EXE
    C:\WINDOWS2\Explorer.EXE
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS2\System32\inetsrv\inetinfo.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS2\System32\tcpsvcs.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS2\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: (no name) - {75CE9B00-5684-5466-777B-A4BCEF0BC5D8} - TRPT.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe
    O4 - HKLM\..\Run: [ActionScr] browsebar.exe
    O4 - HKLM\..\Run: [barint] LOPTCON.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunServices: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe
    O4 - HKCU\..\Run: [zxc] SYSTRAV.exe
    O4 - HKCU\..\Run: [SysEntry] ssweeper.exe
    O4 - HKCU\..\Run: [driver64] Serviceprocess.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154020372875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154020968500
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS2\Documents\Settings\artm_new.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
    O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
     
  6. angry247@comcast

    [email protected] Thread Starter

    Joined:
    Jul 30, 2006
    Messages:
    8
    ACTIVESCAN

    Incident Status Location

    Adware:Adware/Gator Not disinfected C:\Documents and Settings\DivXPro511Adware.exe[Gain_Trickler.exe]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kent\Cookies\[email protected][1].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Kent\Cookies\[email protected][1].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Kent\Cookies\[email protected][2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kent\Cookies\[email protected][2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kent\Cookies\[email protected][2].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][1].txt
    Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\h91746.exe
    Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.hitbox.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.doubleclick.net/]
    Spyware:Cookie/Go Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.go.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.ehg-dig.hitbox.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.2o7.net/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.mediaplex.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.sextracker.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.counter7.sextracker.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.casalemedia.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.advertising.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.counter5.sextracker.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.dist.belnk.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.atdmt.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.servedby.advertising.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.serving-sys.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.fastclick.net/]
    Spyware:Cookie/Adserver Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.z1.adserver.com/]
    Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.centrport.net/]
    Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_[cookies.txt][.counter2.sextracker.com/]
    Spyware:Cookie/Go Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_[cookies.txt][.go.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_[cookies.txt][.doubleclick.net/]
    Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_[cookies.txt][.hitbox.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_[cookies.txt][.ehg-dig.hitbox.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_[cookies.txt][.mediaplex.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\366_587d48bbb_[cookies.txt][.atdmt.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_[cookies.txt][counter7.sextracker.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_[cookies.txt][.sextracker.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_[cookies.txt][counter2.sextracker.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_[cookies.txt][.statcounter.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_[cookies.txt][counter5.sextracker.com/]
    Spyware:Spyware/BetterInet Not disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP723\A0117575.inf
    Dialer:dialer.avv Not disinfected C:\WINDOWS2\Downloaded Program Files\gdnUS2218.exe
    Virus:Trj/Downloader.JMW Disinfected C:\WINDOWS2\system32\components\flx2.dll
    Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS2\system32\components\flx27.dll
    Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS2\system32\components\flx43.dll
    Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS2\system32\components\flx45.dll
    Adware:Adware/SafetyBar Not disinfected C:\WINDOWS2\system32\components\flx7.dll
    Virus:Trj/Ruins.MB Disinfected C:\WINDOWS2\system32\dmrml.exe
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS2\system32\{ECB745A9-D7FC-4400-A4BB-BD1B8DC02AD7}.exe[KillAndClean.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS2\system32\{ECB745A9-D7FC-4400-A4BB-BD1B8DC02AD7}.exe[KillAndCleanUpdate.exe]
    Spyware:Cookie/Cgi-bin Not disinfected D:\Documents and Settings\Kent\Cookies\[email protected][3].txt
    Spyware:Cookie/FortuneCity Not disinfected D:\Documents and Settings\Kent\Cookies\[email protected][2].txt
    Spyware:Cookie/Go Not disinfected D:\Documents and Settings\Kent\Cookies\[email protected][1].txt
    Spyware:Cookie/RealMedia Not disinfected D:\Documents and Settings\Kent\Cookies\[email protected][1].txt
     
  7. angry247@comcast

    [email protected] Thread Starter

    Joined:
    Jul 30, 2006
    Messages:
    8
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:51:43 PM 7/31/2006


    + Scan result:



    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP719\A0114433.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\BO2802040113.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\MoreResultsSetup.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\msbb321.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{f8d02387-789a-4c0f-a1d8-8a93f33ee4df} -> Adware.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDoctor 2006 Free -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Application Data\Microsoft\CD Burning\JDAmericanFarmer_Setup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Application Data\Microsoft\CD Burning\WPCSetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\Downloads\JDAmericanFarmer_Setup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\Downloads\WPCSetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\RECYCLER\S-1-5-21-1993962763-1326574676-725345543-500\Dc1.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{7EEFF720-851B-47DD-9CF9-C12818513495}\RP147\A0029308.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP107\A0021894.dll -> Backdoor.Agent.uu : Cleaned with backup (quarantined).
    C:\WINDOWS2\system32\dxvwcwko.exe -> Backdoor.SdBot.ate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP0\A0003026.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP0\A0003089.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP0\A0003095.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP0\A0003101.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP107\A0021886.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP1\A0004101.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP1\A0005531.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP1\A0005540.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP719\A0114422.exe -> Downloader.Keenval.e : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008273.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008287.exe -> Downloader.Small.ctk : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\5.dlb -> Downloader.Small.cwj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008271.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008315.exe -> Downloader.Small.cwo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008288.exe -> Downloader.Small.cxx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008292.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008299.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\28.tmp -> Downloader.Small.cyz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\2A.tmp -> Downloader.Small.cyz : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\28.tmp3072.exe -> Downloader.Small.dcj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008293.exe -> Downloader.Small.skn : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\6.dlb -> Downloader.Tibs.fj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP107\A0021888.exe -> Downloader.Tibs.fj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008269.exe -> Downloader.Tibs.fj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008270.exe -> Downloader.Tibs.fj : Cleaned with backup (quarantined).
    C:\t.inx -> Downloader.Tibs.fj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008296.exe -> Downloader.Tiny.ap : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Local Settings\Temp\nsc25.tmp\Loader.dll -> Downloader.Zlob.qm : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Local Settings\Temp\nsr1E.tmp\Loader.dll -> Downloader.Zlob.qm : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP1\A0007969.exe -> Downloader.Zlob.to : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP65\A0013763.exe -> Downloader.Zlob.to : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP105\A0017822.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP105\A0017861.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP106\A0017954.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP10\A0010421.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP10\A0010986.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP10\A0011986.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP11\A0013005.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP14\A0013058.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP14\A0013118.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP1\A0007961.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP2\A0008059.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP2\A0008170.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008371.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP4\A0008637.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP4\A0008696.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP4\A0008711.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP65\A0013863.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP65\A0013900.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP65\A0014001.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP7\A0008985.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP8\A0009080.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP98\A0017349.exe -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP106\A0018895.exe -> Downloader.Zlob.zl : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\kiujsmtk.exe -> Hijacker.Small.cc : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\2.dlb -> Hijacker.Spywad.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008272.exe -> Hijacker.Spywad.o : Cleaned with backup (quarantined).
    C:\WINDOWS\xpupdate.exe -> Hijacker.Spywad.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP704\A0112112.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
    C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP113\A0021939.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
    C:\WINDOWS2\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
    C:\WINDOWS2\system32\oeb.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP1\A0003110.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP1\A0004107.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP1\A0005538.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP1\A0007965.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP2\A0008070.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP2\A0008175.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008285.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008310.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\WINDOWS2\Temp\art455B.tmp -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\WINDOWS2\comdlj32.dll_tobedeleted -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP107\A0021890.exe -> Proxy.Agent.km : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP107\A0021891.exe -> Proxy.Agent.km : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008289.exe -> Proxy.Agent.km : Cleaned with backup (quarantined).
    C:\WINDOWS2\system32\_zskwrkni05JSVTXTMAIUGPKOZO.dll -> Proxy.Agent.km : Cleaned with backup (quarantined).
    C:\WINDOWS2\system32\_zskwrkni05_IRDHXC^YXMYGIAH.dll -> Proxy.Agent.km : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP107\A0021887.exe -> Proxy.Lager.aq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP107\A0021889.exe -> Proxy.Lager.aq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008298.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
    C:\WINDOWS2\Temp\art4D9A.tmp -> Proxy.Xorpix.ag : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008290.exe -> Proxy.Xorpix.u : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.30:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
    :mozilla.31:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
    C:\Documents and Settings\Kent.KENT-49UW9YGZL9\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
    :mozilla.88:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning.
    :mozilla.89:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning.
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    :mozilla.47:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.48:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.49:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.50:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.61:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.62:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.63:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.64:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.65:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.66:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.67:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.68:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.69:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.70:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.71:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.72:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.73:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.74:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.75:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.76:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.77:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.78:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    :mozilla.79:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
     
  8. angry247@comcast

    [email protected] Thread Starter

    Joined:
    Jul 30, 2006
    Messages:
    8
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.59:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
    :mozilla.8:C:\Program Files\Support.com\backup\Co\cookies.txt\366_587d48bbb_/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
    C:\Documents and Settings\Kent.KENT-49UW9YGZL9\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
    :mozilla.42:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
    :mozilla.43:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
    :mozilla.44:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Casalemedia : Error during cleaning.
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.91:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Centrport : Error during cleaning.
    :mozilla.92:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Centrport : Error during cleaning.
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
    :mozilla.14:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.
    :mozilla.18:C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    :mozilla.39:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
    :mozilla.40:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
    :mozilla.54:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
    :mozilla.60:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
    :mozilla.90:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Esomniture : Error during cleaning.
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.85:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
    :mozilla.86:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
    :mozilla.87:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.19:C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.20:C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.21:C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.22:C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.23:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.23:C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.25:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.26:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.27:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.7:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.8:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    :mozilla.9:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning.
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.25:C:\Program Files\Support.com\backup\Co\cookies.txt\2267_58212af4d_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning.
    :mozilla.32:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning.
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.6:C:\Documents and Settings\Kent\Application Data\Mozilla\Firefox\Profiles\vuaa73kn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected]uestionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    :mozilla.80:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
    :mozilla.81:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
    :mozilla.82:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
    :mozilla.83:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning.
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
    :mozilla.10:C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.14:C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.36:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.37:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.38:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.41:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.51:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.6:C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.7:C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.8:C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.97:C:\Program Files\Support.com\backup\Co\cookies.txt\10777_5d4cc503b_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    :mozilla.9:C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_/cookies.txt -> TrackingCookie.Sextracker : Error during cleaning.
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    :mozilla.11:C:\Program Files\Support.com\backup\Co\cookies.txt\875_5df6b41bc_/cookies.txt -> TrackingCookie.Statcounter : Error during cleaning.
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    D:\Documents and Settings\Kent\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\WINDOWS2\system32\msjeclus.exe -> Trojan.Agent.mm : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\art76DA.tmp -> Trojan.Agent.oh : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\art8E58.tmp -> Trojan.Agent.oh : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP2\A0008060.dll -> Trojan.Agent.oh : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\uckfwnmd.exe -> Trojan.Agent.pk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008313.exe -> Trojan.Dialer.pw : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\rsysinit.exe -> Trojan.ExitWin.z : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008281.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008282.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
    C:\WINDOWS2\system32\wuclcryp.dll -> Trojan.Opnis.p : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP107\A0021892.exe -> Trojan.Puper.bx : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kent.KENT-UDCMYBDTQ7\Local Settings\Temp\msn.exe -> Trojan.Sinowal.aa : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.aa : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP3\A0008312.exe -> Trojan.Sinowal.aa : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Sinowal.ac : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{216CEE21-D789-4FD6-8C57-B5C6D334D4A3}\RP107\A0021893.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).
    C:\WINDOWS2\system32\cmprieak.exe -> Trojan.Spambot : Cleaned with backup (quarantined).


    ::Report end
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    R3 - URLSearchHook: (no name) - {75CE9B00-5684-5466-777B-A4BCEF0BC5D8} - TRPT.dll (file missing)

    O4 - HKLM\..\Run: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe

    O4 - HKLM\..\Run: [ActionScr] browsebar.exe

    O4 - HKLM\..\Run: [barint] LOPTCON.exe

    O4 - HKLM\..\RunServices: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe

    O4 - HKCU\..\Run: [zxc] SYSTRAV.exe

    O4 - HKCU\..\Run: [SysEntry] ssweeper.exe

    O4 - HKCU\..\Run: [driver64] Serviceprocess.exe

    O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS2\Documents\Settings\artm_new.dll

    O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)


    Close Hijack This.

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


      C:\Documents and Settings\DivXPro511Adware.exe
      C:\WINDOWS2\Downloaded Program Files\gdnUS2218.exe
      C:\WINDOWS2\system32\components\flx2.dll
      C:\WINDOWS2\system32\components\flx27.dll
      C:\WINDOWS2\system32\components\flx43.dll
      C:\WINDOWS2\system32\components\flx45.dll
      C:\WINDOWS2\system32\components\flx7.dll
      C:\WINDOWS2\system32\dmrml.exe
      C:\WINDOWS2\system32\{ECB745A9-D7FC-4400-A4BB-BD1B8DC02AD7}.exe[KillAndClean.exe]
      C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe
      C:\WINDOWS2\System32\browsebar.exe
      C:\WINDOWS2\System32\LOPTCON.exe
      C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe
      C:\WINDOWS2\System32\SYSTRAV.exe
      C:\WINDOWS2\System32\ssweeper.exe
      C:\WINDOWS2\System32\Serviceprocess.exe
      C:\Documents and Settings\All Users.WINDOWS2\Documents\Settings\artm_new.dll


    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Post a new Hijack This log.
     
  10. angry247@comcast

    [email protected] Thread Starter

    Joined:
    Jul 30, 2006
    Messages:
    8
    Here is the final hijackthis logfile. Everyting seems to be running well now. Thanks for your help.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:21:09 AM, on 8/3/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS2\System32\smss.exe
    C:\WINDOWS2\system32\winlogon.exe
    C:\WINDOWS2\system32\services.exe
    C:\WINDOWS2\system32\lsass.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\WINDOWS2\system32\LEXBCES.EXE
    C:\WINDOWS2\system32\spoolsv.exe
    C:\WINDOWS2\system32\LEXPPS.EXE
    C:\WINDOWS2\Explorer.EXE
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS2\System32\inetsrv\inetinfo.exe
    C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS2\System32\tcpsvcs.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\mcafee.com\agent\McDash.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Microsoft Office\Office\Winword.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\RunServices: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154020372875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154020968500
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS2\Documents\Settings\artm_new.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Boot into Safe Mode.

    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O4 - HKLM\..\Run: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe

    O4 - HKLM\..\RunServices: [ÿ_zskG] C:\WINDOWS2\System32\_zskwrkni05HJYS[VXNWY]^VR\G.exe

    O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS2\Documents\Settings\artm_new.dll (file missing)


    Reboot, post a new log.
     
  12. angry247@comcast

    [email protected] Thread Starter

    Joined:
    Jul 30, 2006
    Messages:
    8
    The latest and greatest. Things are running very smoothly now. Thanks again.


    Logfile of HijackThis v1.99.1
    Scan saved at 12:05:53 AM, on 8/8/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS2\System32\smss.exe
    C:\WINDOWS2\system32\winlogon.exe
    C:\WINDOWS2\system32\services.exe
    C:\WINDOWS2\system32\lsass.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\WINDOWS2\system32\LEXBCES.EXE
    C:\WINDOWS2\system32\spoolsv.exe
    C:\WINDOWS2\system32\LEXPPS.EXE
    C:\WINDOWS2\Explorer.EXE
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS2\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS2\System32\tcpsvcs.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\Program Files\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS2\SYSTEM32\WgaLogon.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome :)

    Everything looks good. (y)

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer.

    Turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    You can mark your thread "Solved" from the Thread Tools drop down menu.
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/487704

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice