Pop-ups after spybot, ad-aware & defender


realmccoyDUI (Thread Starter) · Joined Mar 3, 2006 · Messages: 15
I cannot seem to stop these pop-ups. Any help would be appreciated. TIA!

Lee McCoy



Here is my hijackthis! log:

Logfile of HijackThis v1.98.2
Scan saved at 7:40:02 AM, on 03/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\SYSTEM32\starter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINNT\tppaldr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\?hkdsk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINNT\system32\DllHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?auth=D...R6m4u_LpybW9q9IzJXzytdrAfBKxAT2bdfWXd6HVHNf3k
R3 - URLSearchHook: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {922B305F-3A3A-C7B3-FDA2-2A9B8B82B9EA} - C:\DOCUME~1\ADMINI~1\APPLIC~1\scrheck\flaponce.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Bolt Owns Deaf Kind] C:\Documents and Settings\All Users\Application Data\idol real bolt owns\Fast Default.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Plutl] C:\WINNT\system32\?hkdsk.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PileDownload] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRANST~1\Dentthecool.exe
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
 
Joined Sep 7, 2004 · Messages: 49,014
Old version of HiJack

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

==============
Do this before you post a new log

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
 

realmccoyDUI (Thread Starter)
Done.


Logfile of HijackThis v1.99.1
Scan saved at 9:10:36 AM, on 03/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\SYSTEM32\starter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\tppaldr.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\DllHost.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?auth=D...R6m4u_LpybW9q9IzJXzytdrAfBKxAT2bdfWXd6HVHNf3k
R3 - URLSearchHook: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {922B305F-3A3A-C7B3-FDA2-2A9B8B82B9EA} - C:\DOCUME~1\ADMINI~1\APPLIC~1\scrheck\flaponce.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Bolt Owns Deaf Kind] C:\Documents and Settings\All Users\Application Data\idol real bolt owns\Fast Default.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PileDownload] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRANST~1\Dentthecool.exe
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
 

realmccoyDUI (Thread Starter)
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:56:44 AM, 03/03/2006
+ Report-Checksum: 37756E7A

+ Scan result:

HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0 -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0\- -> Adware.BlazeFind : Cleaned with backup
HKU\.DEFAULT\Software\MxTarget -> Adware.BetterInternet : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
 

realmccoyDUI

Thread Starter
Joined
Mar 3, 2006
Messages
15
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\112EF.exe -> Adware.FWN : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\AcsProxyStub.exe -> Hijacker.Agent.di : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ATn2.exe -> Dropper.Agent.pd : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\i199.tmp -> Downloader.Small.wk : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\iF4.tmp -> Downloader.Small.wk : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\NewF9.tmp\upgrade.exe -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\randreco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\RemoteUpdate.exe -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\senh.exe -> Dropper.Delf.dj : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\simpletraffic.exe -> Dropper.Small.nm : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\CF4L6LYD\!update-1564[1].0000 -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\THI12C8.tmp\polall1b.exe -> Dropper.Small.pv : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\THI3FEA.tmp\polall1b.exe -> Dropper.Small.pv : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\THI743D.tmp\polall1b.exe -> Dropper.Small.pv : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\thin.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\thnall1b.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\TMP10B.tmp -> Adware.SurfBuddy : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85U7KXQN\ErrorSafeFreeInstall[1].cab/UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\Documents and Settings\tricia\Local Settings\Temporary Internet Files\Content.IE5\XR9P6S54\HyperLinker[1].cab/HyperLinker.exe -> Adware.MDH : Cleaned with backup
C:\hjt\backups\backup-20040901-191558-653.dll -> Adware.Virtumonde : Cleaned with backup
C:\hjt\backups\backup-20040901-191558-986.dll -> Adware.Virtumonde : Cleaned with backup
C:\hjt\backups\backup-20060303-010232-376.dll -> Adware.PurityScan : Cleaned with backup
C:\Program Files\hjt\backups\backup-20040901-191558-653.dll -> Adware.Virtumonde : Cleaned with backup
C:\Program Files\hjt\backups\backup-20040901-191558-986.dll -> Adware.Virtumonde : Cleaned with backup
C:\Program Files\Lycos\IEagent\csAOLldr.exe -> Adware.ClearSearch : Cleaned with backup
C:\Program Files\Lycos\IEagent\CSBIINST.DLL -> Adware.ClearSearch : Cleaned with backup
C:\Program Files\Oemji\Toolbar\PopupBlocker\OemjiPopupBlocker.exe -> Adware.Nomeh : Cleaned with backup
C:\RECYCLER\S-1-5-21-1621911747-1873742695-1616138837-500\Dc2.dll -> Adware.PurityScan : Cleaned with backup
C:\RECYCLER\S-1-5-21-1621911747-1873742695-1616138837-500\Dc4.vxd/C:/WINNT/system32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup
C:\RECYCLER\S-1-5-21-1621911747-1873742695-1616138837-500\Dc4.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINNT\lasss.exe -> Hijacker.StartPage.nv : Cleaned with backup
C:\WINNT\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINNT\NDNuninstall4_34.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\snbho.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINNT\SYSTEM32\atiupdate5.exe -> Adware.Adtomi : Cleaned with backup
C:\WINNT\SYSTEM32\bbtuwyt.dll -> Adware.PurityScan : Cleaned with backup
C:\WINNT\SYSTEM32\bH.dll -> Adware.BargainBuddy : Cleaned with backup
C:\WINNT\SYSTEM32\BO2802040113.dll -> Adware.BargainBuddy : Cleaned with backup
C:\WINNT\SYSTEM32\calsdr.dll -> Adware.F1Organizer : Cleaned with backup
C:\WINNT\SYSTEM32\calsdr.exe -> Dropper.Small.sc : Cleaned with backup
C:\WINNT\SYSTEM32\HyperLinker.exe -> Adware.MDH : Cleaned with backup
C:\WINNT\SYSTEM32\in10b6.dll -> Dropper.Small.abe : Cleaned with backup
C:\WINNT\SYSTEM32\oins.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINNT\SYSTEM32\PreUninstall.exe -> Adware.Suggestor : Cleaned with backup
C:\WINNT\SYSTEM32\siae3123.exe -> Dropper.Small.sc : Cleaned with backup
C:\WINNT\SYSTEM32\unregister.exe -> Adware.VB : Cleaned with backup
C:\WINNT\SYSTEM32\сhkdsk.exe -> Adware.PurityScan : Cleaned with backup


::Report End
 
Joined
Sep 7, 2004
Messages
49,014
You have no active AntiVirus!

Get the free AVG 7, install it, check for updates and run a full scan

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

============
Add remove programs – remove Viewpoint - Warez

Fix these with HJT – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll (file missing)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll (file missing)

O2 - BHO: (no name) - {922B305F-3A3A-C7B3-FDA2-2A9B8B82B9EA} - C:\DOCUME~1\ADMINI~1\APPLIC~1\scrheck\flaponce.exe

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Bolt Owns Deaf Kind] C:\Documents and Settings\All Users\Application Data\idol real bolt owns\Fast Default.exe

O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h

O4 - HKCU\..\Run: [PileDownload] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRANST~1\Dentthecool.exe

O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\Viewpoint\Viewpoint Manager
C:\DOCUME~1\ADMINI~1\APPLIC~1\scrheck
C:\Documents and Settings\All Users\Application Data\idol real bolt owns
C:\Program Files\Warez P2P Client
C:\Program Files\Ebates_MoeMoneyMaker



Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
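A first-pass triage of HijackThis entries like the ones listed in the reply above, as an added example: it is not part of the original post and not HijackThis's own logic. The three heuristics and the names `triage_line`, `triage_log`, `AUTOLOAD_CODES` and `SYSTEM32_NAMES` are assumptions chosen for illustration; the sample lines are copied from this page.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Entries copied from the reply above, plus one Run entry from the later
# HijackThis log on this page as a control with a bare file name.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll (file missing)
O2 - BHO: (no name) - {922B305F-3A3A-C7B3-FDA2-2A9B8B82B9EA} - C:\DOCUME~1\ADMINI~1\APPLIC~1\scrheck\flaponce.exe
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Bolt Owns Deaf Kind] C:\Documents and Settings\All Users\Application Data\idol real bolt owns\Fast Default.exe
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
"""

# "<code> - <kind>: <rest>", e.g. "O4 - HKCU\..\Run: [Hela] ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
# First drive-letter path ending in a loadable extension (quoted or not).
TARGET_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|ocx|htm))", re.I)

# Sections that load code automatically: O2 = BHOs, O4 = Run/startup entries.
AUTOLOAD_CODES = {"O2", "O4"}
# Assumed shortlist of Windows binaries whose genuine copies live in system32.
SYSTEM32_NAMES = {"userinit.exe", "svchost.exe", "lsass.exe",
                  "winlogon.exe", "services.exe"}


class Entry(NamedTuple):
    code: str
    kind: str
    target: Optional[str]
    reasons: List[str]


def triage_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry and attach review hints (not verdicts)."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # header, process list line, or an unsupported entry form
    rest = m.group("rest")
    hit = TARGET_RE.search(rest)
    target = hit.group(1) if hit else None
    reasons = []

    # Heuristic 1: the registry still points at a file that is gone.
    if "(file missing)" in rest or "(no file)" in rest:
        reasons.append("missing-target")

    if target and m.group("code") in AUTOLOAD_CODES:
        low = target.lower()
        # Heuristic 2: auto-loaded code stored in a user-writable profile
        # folder, in long form or as the 8.3 short name APPLIC~1.
        if "\\application data\\" in low or "\\applic~1\\" in low:
            reasons.append("autoload-from-appdata")
        # Heuristic 3: a system binary's name used outside system32.
        if ntpath.basename(low) in SYSTEM32_NAMES and "\\system32\\" not in low:
            reasons.append("system-name-outside-system32")

    return Entry(m.group("code"), m.group("kind"), target, reasons)


def triage_log(text: str) -> List[Entry]:
    """Triage every parseable entry in a pasted log, preserving order."""
    parsed = (triage_line(line) for line in text.splitlines())
    return [entry for entry in parsed if entry is not None]


if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        label = ", ".join(entry.reasons) or "no path-based hint"
        print(f"{entry.code:<3} {entry.target or '(no path)'}: {label}")
```

ViewMgr, which the reply also lists, returns no reasons: these path checks are hints for review, not verdicts.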
 

realmccoyDUI

Thread Starter
Joined
Mar 3, 2006
Messages
15
(Installed Norton AV instead of AVG 7)
Am I safe now? TIA.

Lee McCoy



Logfile of HijackThis v1.99.1
Scan saved at 11:37:47 PM, on 03/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\SYSTEM32\starter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINNT\tppaldr.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\M?crosoft.NET\??plorer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINNT\system32\DllHost.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Ydv] C:\Program Files\Common Files\M?crosoft.NET\??plorer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
Fix these with HJT – mark them, close IE, click fix checked

O4 - HKCU\..\Run: [Ydv] C:\Program Files\Common Files\M?crosoft.NET\??plorer.exe

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\Common Files\M?crosoft.NET

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 

realmccoyDUI

Thread Starter
Joined
Mar 3, 2006
Messages
15
Okay, I've done that, except that Killbox said the Microsoft.NET file was not found.

On the reboot, Norton also caught bargain buddy and navisearch, which I had not seen before. I removed them, rebooted again, and got the following HJT log. Looks like Hela is back.

Lee McCoy



Logfile of HijackThis v1.99.1
Scan saved at 8:58:24 AM, on 03/04/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\SYSTEM32\starter.exe
C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINNT\tppaldr.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
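An added example, not part of any post in this thread: a Python script that parses the O4 (autorun) lines of a HijackThis log and flags the two patterns seen in the entries above, a path containing `?` (a character that cannot occur in a Windows file name, so in a log it stands for a character that could not be rendered) and a Windows system binary name running from outside the system directories. The list of system binaries and the `C:\WINNT` directories are assumptions chosen for this Windows 2000 host; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple

# Assumption: a short list of system binary names worth checking for look-alikes.
SYSTEM_BINARIES = {"ctfmon.exe", "explorer.exe", "lsass.exe", "services.exe",
                   "smss.exe", "svchost.exe", "userinit.exe", "winlogon.exe"}
# Assumption: the legitimate locations of those binaries on this Windows 2000 host.
SYSTEM_DIRS = {"c:\\winnt", "c:\\winnt\\system32"}

REG_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)

# Sample input: O4 lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Ydv] C:\Program Files\Common Files\M?crosoft.NET\??plorer.exe
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""


class Autorun(NamedTuple):
    location: str  # registry key as logged, or "Startup" / "Global Startup"
    name: str      # value name or shortcut name
    path: str      # executable path with arguments stripped


def executable_path(command: str) -> str:
    """Strip arguments from a logged command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    match = EXE_RE.match(command)
    if match:
        return match.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def parse_o4(log_text: str) -> List[Autorun]:
    """Return every O4 autorun entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = REG_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if match:
            location, name, command = match.groups()
            entries.append(Autorun(location, name, executable_path(command)))
    return entries


def masked_match(logged: str, candidate: str) -> bool:
    """True if `logged` equals `candidate`, treating each '?' as one unknown character."""
    return len(logged) == len(candidate) and all(
        a == "?" or a == b for a, b in zip(logged, candidate))


def flag_entry(entry: Autorun) -> List[str]:
    """Return the review flags raised by one autorun entry."""
    flags = []
    directory, base = ntpath.split(entry.path)
    directory = directory.lower().rstrip("\\")
    base = base.lower()
    if "?" in entry.path:
        flags.append("unrenderable-character")
    lookalike = next((name for name in sorted(SYSTEM_BINARIES)
                      if masked_match(base, name)), None)
    # A bare name such as "ctfmon.exe" has no directory to judge, so it is skipped.
    if lookalike and directory and directory not in SYSTEM_DIRS:
        flags.append("system-name-outside-system-dir:" + lookalike)
    return flags


def review(log_text: str) -> Dict[str, List[str]]:
    """Map the name of each flagged autorun entry to its flags."""
    findings = {}
    for entry in parse_o4(log_text):
        flags = flag_entry(entry)
        if flags:
            findings[entry.name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in review(SAMPLE_LOG).items():
        print(name, flags)
```

A flag marks an entry for a closer look by a person; it is not a verdict on the file.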
 

realmccoyDUI

Thread Starter
Joined
Mar 3, 2006
Messages
15
I have now done everything. Six temporary files refuse to be deleted, but I assume that's normal. Killbox would not delete the M?crosoft.NET folder--I had to go in manually and delete it.

Here is the new HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 9:41:49 AM, on 03/04/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\SYSTEM32\starter.exe
C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINNT\tppaldr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
Yep fix this

O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd

Delete this folder starting with wnsxs....

C:\Documents and Settings\Administrator\Application Data\wnsxs
============
Run http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished, save the results from the scan!

Post a new HijackThis log along with the results from the Kaspersky scan.
 

realmccoyDUI

Thread Starter
Joined
Mar 3, 2006
Messages
15
Thanks again for the help! I "fixed" Hela with HJT and deleted the associated folder. I ran the Kaspersky scan and another HJT. The first part of the Kaspersky log follows:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, March 04, 2006 6:42:25 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 4/03/2006
Kaspersky Anti-Virus database records: 180114
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 80668
Number of viruses found: 31
Number of infected objects: 116
Number of suspicious objects: 0
Duration of the scan process: 03:21:16

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]> ... ... /[From US Bank <[email protected]>][Date Sun, 27 Jun 2004 19:55:06 -030 ... /html Infected: Trojan-Spy.HTML.Usbankfraud.a skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]> ... ... /[From US Bank <[email protected]>][Date Sun, 27 Jun 2004 19:55:06 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Usbankfraud.a skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]> ... /[ ... /[From "Chang Varner" <[email protected]>][Date Sat, 26 Jun 2004 20:39:15 -0100]/UNNAMED Infected: Trojan-Spy.HTML.Usbankfraud.a skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]> ... /[From "Gregorio Randle" <[email protected]>][Date Sun, 27 Jun 2004 02:38:26 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Usbankfraud.a skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>] . . ... /[From CitiBank <[email protected]>][Date Thu, 12 Aug 2004 04:03:53 +0600]/html Infected: Trojan-Spy.HTML.Citifraud.ae skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>] . ... /[From "Charla" <[email protected]>][Date Wed, 11 Aug 2004 16:51:07 -0400 (EDT)]/text Infected: Trojan-Spy.HTML.Citifraud.ae skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>] ... /[From "Homer Muller" <[email protected]>][Date Tue, 10 Aug 2004 14:15:04 +0400]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.ae skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>][Date We .. ... /[From "Thurman" <[email protected]>][Date Sun, 29 Aug 2004 13:54:33 -0800]/text Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>][Date We ... /[From "Burrell" <[email protected]>][Date Sun, 29 Aug 2004 13:14:11 -0600]/html Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[Fr ... / ... /[From "Marlene Fran ... /[From "eBay Help"][Date Sat, 17 Jul 2004 11:04:45 -0700 (PDT)]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[Fr ... / ... /[From "Marlene Franco" <[email protected]>][Date Sun, 31 Oct 2004 12:48:55 -0200]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[Fr ... / ... /[From Mail Administrator <[email protected]>][Date Sun, 31 Oct 2004 09:50:16 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[Fr ... /[From "Antoinette Howard" <[email protected]>][Date Sun, 31 Oct 2004 03:04:36 -0400]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[From "Salv ... ... /[From "Stewart Brock" <[email protected]>][Date Sun, 31 Oct 2004 08:17:21 +0400]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[From "Salv ... /[From "Roger U. Tanner" <[email protected]>][Date Sat, 30 Oct 2004 19:29:26 -0600]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[From "Salvador Pritchard" <[email protected]>][Date Sat, 30 Oct 2004 18:36:00 -0500]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[ ... /[ . ... /[From Lauri Huggins <[email protected]>][Date Sat, 30 Oct 2004 18:51:23 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[ ... /[ ... /[From "Body Antidote" <[email protected]>][Date Sun, 31 Oct 2004 03:34:11 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[ ... /[F .. ... /[From "Mohamed George" <[email protected]>][Date Sat, 30 Oct 2004 08:21:54 -0200]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[ ... /[F ... /[From "Elvie Vicki" <[email protected]>][Date Sat, 30 Oct 2004 02:12:12 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[ ... /[From "Eloise-Padgett" <[email protected]>][Date Fri, 29 Oct 2004 21:21:04 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[From .. ... /[From German Triplett <[email protected]>][Date Sat, 30 Oct 2004 03:14:21 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[From ... /[From "Huerta Lindsey" <[email protected]>][Date Fri, 15 Oct 2004 23:07:47 -0800]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[From ... /[From "Otto Higgins" <[email protected]>][Date Wed, 06 Oct 2004 05:50:55 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[From "Irma William" <[email protected]>][Date Tue, 05 Oct 2004 14:42:13 -0500]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected] ... /[F ... /[From "Kelsey Barrow" <[email protected]>][Date Sat, 26 Apr 2003 09:28:04 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected] ... /[From "Brittany Stapleton" <[email protected]>][Date Sun, 05 Sep 2004 21:49:09 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>] ... /[From "Danita Colleen" <[email protected]>][Date Sun, 05 Sep 2004 05:17:36 -060 ... /text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>] ... /[From "Danita Colleen" <[email protected]>][Date Sun, 05 Sep 2004 05:17:36 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>][Date Wed, 12 Nov 03 22:58:32 GMT]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash Mail Berkeley mbox: infected - 34 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 21:11:20 -0600]/UNNAMED/Details.com Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 21:11:20 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 20:38:48 -0600]/UNNAMED/Information.com Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 20:38:48 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 20:14:30 -0600]/UNNAMED/Document.com Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 20:14:30 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Tue, 04 May 2004 12:01:07 -0500]/UNNAMED/MoreInfo.com Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Tue, 04 May 2004 12:01:07 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 8 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Old NCDD.dbx/[From [email protected]][Date Thu, 13 May 2004 08:59:32 -0500]/UNNAMED/Details.exe Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Old NCDD.dbx/[From [email protected]][Date Thu, 13 May 2004 08:59:32 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Old NCDD.dbx/[From [email protected]][Date Wed, 05 May 2004 09:38:43 -0500]/UNNAMED/Readme.com Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Old NCDD.dbx/[From [email protected]][Date Wed, 05 May 2004 09:38:43 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Old NCDD.dbx Mail MS Outlook 5: infected - 4 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\[email protected]/[From "Ee" <[email protected]>][Date Fri, 22 Oct 2004 09:41:36 -0800]/UNNAMED/Joke.scr Infected: Email-Worm.Win32.Bagle.as skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\[email protected]/[From "Ee" <[email protected]>][Date Fri, 22 Oct 2004 09:41:36 -0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.as skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\[email protected] Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/29 Aug 2004 21:06 from Willie Newton:-- Spam -- improve your son.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/25 Aug 2004 22:57 from Chad Jorgensen:-- Spam -- Life experiance.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/25 Aug 2004 22:58 from Chad Jorgensen:-- Spam -- Life experiance.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/09 Aug 2004 02:07 from U.S. Bank:-- Spam -- Official Information.rtf Infected: Trojan-Spy.HTML.Usbankfraud.p skipped
 

realmccoyDUI

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/26 Jul 2004 19:02 from U S Bank:-- Spam -- US Bank info! [%RND_D.rtf Infected: Trojan-Spy.HTML.Usbankfraud.i skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/10 Apr 2004 12:44 from Casino:YOU WON A FREE VACATION!!!!.rtf Infected: Trojan.HTML.Qrap skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 6 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\056562FE.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.MegaSearch.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\056562FE.exe/stream Infected: not-a-virus:AdWare.Win32.MegaSearch.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\056562FE.exe NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\056562FE.exe CryptFF: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\065605F4.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07457EEE.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\076278CD.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07AD3E7B.dll Infected: not-a-virus:AdWare.Win32.Suggestor.f skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB132F6.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB132F6.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB132F6.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB132F6.zip ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB132F6.zip CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18CF01A0.dll Infected: not-a-virus:AdWare.Win32.IWon.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D981A12.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DAC15FD.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FF12FC8.dll Infected: not-a-virus:AdWare.Win32.IWon.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2966475E.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36590043.exe/stream/data0001 Infected: Trojan.Win32.Delf.gh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36590043.exe/stream Infected: Trojan.Win32.Delf.gh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36590043.exe NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36590043.exe CryptFF: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365F543C.exe/data0002 Infected: Trojan-PSW.Win32.Agent.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365F543C.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365F543C.exe NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365F543C.exe CryptFF: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0005 Infected: Trojan-Clicker.Win32.VB.ex skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0006/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe NSIS: infected - 14 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe CryptFF: infected - 14 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389B07C7.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389B07C7.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389B07C7.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389B07C7.exe NSIS: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389B07C7.exe CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50E12311.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\522B33A6.exe/data0002 Infected: not-a-virus:AdWare.Win32.Sahat.z skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\522B33A6.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\522B33A6.exe CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A210AE3.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FCE2612.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Program Files\Lycos\IEagent\CSSSINST.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.c skipped
C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll Infected: not-a-virus:AdWare.Win32.Nomeh.a skipped
C:\Program Files\Oemji\OemjiSearchPlus\sfbnsp.dll Infected: not-a-virus:AdWare.Win32.Nomeh.a skipped
C:\Program Files\Oemji\Toolbar\OemjiSrc.dll Infected: not-a-virus:AdWare.Win32.Nomeh.a skipped

Scan process completed.
 

realmccoyDUI

Logfile of HijackThis v1.99.1
Scan saved at 6:52:10 PM, on 03/04/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\SYSTEM32\starter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINNT\tppaldr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINNT\system32\DllHost.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 