
Pop-ups after spybot, ad-aware & defender

Discussion in 'Virus & Other Malware Removal' started by realmccoyDUI, Mar 3, 2006.

Thread Status:
Not open for further replies.
  1. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    I cannot seem to stop these pop-ups. Any help would be appreciated TIA!

    Lee McCoy



    Here is my hijackthis! log:

    Logfile of HijackThis v1.98.2
    Scan saved at 7:40:02 AM, on 03/03/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\Cpqdiag\Cpqdfwag.exe
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\msdtc.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\WINNT\SYSTEM32\starter.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\WINNT\tppaldr.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINNT\system32\ctfmon.exe
    C:\WINNT\system32\?hkdsk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Warez P2P Client\warez.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
    C:\WINNT\system32\DllHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\System32\cidaemon.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?auth=D...R6m4u_LpybW9q9IzJXzytdrAfBKxAT2bdfWXd6HVHNf3k
    R3 - URLSearchHook: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: (no name) - {922B305F-3A3A-C7B3-FDA2-2A9B8B82B9EA} - C:\DOCUME~1\ADMINI~1\APPLIC~1\scrheck\flaponce.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Bolt Owns Deaf Kind] C:\Documents and Settings\All Users\Application Data\idol real bolt owns\Fast Default.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Plutl] C:\WINNT\system32\?hkdsk.exe
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [PileDownload] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRANST~1\Dentthecool.exe
    O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Old version of HiJack

    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    ==============
    Do this before you post a new log

    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido
    · It will prompt you to update; click the OK button and it will go to the main screen
    · On the left side of the main screen click update
    · Click on Start and let it update.
    · DO NOT run a scan yet. You will do that later in safe mode.

    Restart your computer into safe mode now. Perform the following steps in safe mode:
    (Start tapping F8 at the first black screen after power up)

    Run Ewido:
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · During the scan it will prompt you to clean files; click OK
    · When the scan is finished, look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    Boot to normal mode
    Post that log and a new HiJack log
     
  3. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    Done.


    Logfile of HijackThis v1.99.1
    Scan saved at 9:10:36 AM, on 03/03/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\Cpqdiag\Cpqdfwag.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\msdtc.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\WINNT\SYSTEM32\starter.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINNT\tppaldr.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Warez P2P Client\warez.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\system32\DllHost.exe
    C:\WINNT\System32\cidaemon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?auth=D...R6m4u_LpybW9q9IzJXzytdrAfBKxAT2bdfWXd6HVHNf3k
    R3 - URLSearchHook: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll (file missing)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: (no name) - {922B305F-3A3A-C7B3-FDA2-2A9B8B82B9EA} - C:\DOCUME~1\ADMINI~1\APPLIC~1\scrheck\flaponce.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Bolt Owns Deaf Kind] C:\Documents and Settings\All Users\Application Data\idol real bolt owns\Fast Default.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [PileDownload] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRANST~1\Dentthecool.exe
    O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
    O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
    O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
     
  4. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 8:56:44 AM, 03/03/2006
    + Report-Checksum: 37756E7A

    + Scan result:

    HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Adware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Adware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0 -> Adware.BlazeFind : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0\- -> Adware.BlazeFind : Cleaned with backup
    HKU\.DEFAULT\Software\MxTarget -> Adware.BetterInternet : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.122:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.154:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.160:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.186:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.230:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.231:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.265:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.266:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.276:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.309:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.310:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.311:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.312:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.313:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.341:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.342:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i6scq8gh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
     
  5. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    :mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.177:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.203:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.205:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.206:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.217:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.218:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.219:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.221:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.222:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.231:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
    :mozilla.232:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.233:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.245:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.246:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.261:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.262:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.263:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.268:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Estat : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\112EF.exe -> Adware.FWN : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\AcsProxyStub.exe -> Hijacker.Agent.di : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\ATn2.exe -> Dropper.Agent.pd : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Cliks : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yadro : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\i199.tmp -> Downloader.Small.wk : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\iF4.tmp -> Downloader.Small.wk : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\NewF9.tmp\upgrade.exe -> Adware.NewDotNet : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\randreco.exe -> Adware.BetterInternet : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\RemoteUpdate.exe -> Adware.PurityScan : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\senh.exe -> Dropper.Delf.dj : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\simpletraffic.exe -> Dropper.Small.nm : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\CF4L6LYD\!update-1564[1].0000 -> Adware.PurityScan : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\THI12C8.tmp\polall1b.exe -> Dropper.Small.pv : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\THI3FEA.tmp\polall1b.exe -> Dropper.Small.pv : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\THI743D.tmp\polall1b.exe -> Dropper.Small.pv : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\thin.exe -> Adware.BetterInternet : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\thnall1b.exe -> Adware.BetterInternet : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temp\TMP10B.tmp -> Adware.SurfBuddy : Cleaned with backup
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85U7KXQN\ErrorSafeFreeInstall[1].cab/UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\Documents and Settings\tricia\Local Settings\Temporary Internet Files\Content.IE5\XR9P6S54\HyperLinker[1].cab/HyperLinker.exe -> Adware.MDH : Cleaned with backup
    C:\hjt\backups\backup-20040901-191558-653.dll -> Adware.Virtumonde : Cleaned with backup
    C:\hjt\backups\backup-20040901-191558-986.dll -> Adware.Virtumonde : Cleaned with backup
    C:\hjt\backups\backup-20060303-010232-376.dll -> Adware.PurityScan : Cleaned with backup
    C:\Program Files\hjt\backups\backup-20040901-191558-653.dll -> Adware.Virtumonde : Cleaned with backup
    C:\Program Files\hjt\backups\backup-20040901-191558-986.dll -> Adware.Virtumonde : Cleaned with backup
    C:\Program Files\Lycos\IEagent\csAOLldr.exe -> Adware.ClearSearch : Cleaned with backup
    C:\Program Files\Lycos\IEagent\CSBIINST.DLL -> Adware.ClearSearch : Cleaned with backup
    C:\Program Files\Oemji\Toolbar\PopupBlocker\OemjiPopupBlocker.exe -> Adware.Nomeh : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1621911747-1873742695-1616138837-500\Dc2.dll -> Adware.PurityScan : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1621911747-1873742695-1616138837-500\Dc4.vxd/C:/WINNT/system32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1621911747-1873742695-1616138837-500\Dc4.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup
    C:\WINNT\lasss.exe -> Hijacker.StartPage.nv : Cleaned with backup
    C:\WINNT\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
    C:\WINNT\NDNuninstall4_34.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINNT\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINNT\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINNT\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINNT\snbho.exe -> Trojan.Imiserv.c : Cleaned with backup
    C:\WINNT\SYSTEM32\atiupdate5.exe -> Adware.Adtomi : Cleaned with backup
    C:\WINNT\SYSTEM32\bbtuwyt.dll -> Adware.PurityScan : Cleaned with backup
    C:\WINNT\SYSTEM32\bH.dll -> Adware.BargainBuddy : Cleaned with backup
    C:\WINNT\SYSTEM32\BO2802040113.dll -> Adware.BargainBuddy : Cleaned with backup
    C:\WINNT\SYSTEM32\calsdr.dll -> Adware.F1Organizer : Cleaned with backup
    C:\WINNT\SYSTEM32\calsdr.exe -> Dropper.Small.sc : Cleaned with backup
    C:\WINNT\SYSTEM32\HyperLinker.exe -> Adware.MDH : Cleaned with backup
    C:\WINNT\SYSTEM32\in10b6.dll -> Dropper.Small.abe : Cleaned with backup
    C:\WINNT\SYSTEM32\oins.exe -> Adware.MediaTickets : Cleaned with backup
    C:\WINNT\SYSTEM32\PreUninstall.exe -> Adware.Suggestor : Cleaned with backup
    C:\WINNT\SYSTEM32\siae3123.exe -> Dropper.Small.sc : Cleaned with backup
    C:\WINNT\SYSTEM32\unregister.exe -> Adware.VB : Cleaned with backup
    C:\WINNT\SYSTEM32\сhkdsk.exe -> Adware.PurityScan : Cleaned with backup


    ::Report End
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have no active AntiVirus!

    Get the free AVG 7, install it, check for updates and run a full scan

    AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

    ============
    Add remove programs – remove Viewpoint - Warez

    Fix these with HJT – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll (file missing)

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll (file missing)

    O2 - BHO: (no name) - {922B305F-3A3A-C7B3-FDA2-2A9B8B82B9EA} - C:\DOCUME~1\ADMINI~1\APPLIC~1\scrheck\flaponce.exe

    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [Bolt Owns Deaf Kind] C:\Documents and Settings\All Users\Application Data\idol real bolt owns\Fast Default.exe

    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h

    O4 - HKCU\..\Run: [PileDownload] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRANST~1\Dentthecool.exe

    O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd

    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab

    Download http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\Viewpoint\Viewpoint Manager
    C:\DOCUME~1\ADMINI~1\APPLIC~1\scrheck
    C:\Documents and Settings\All Users\Application Data\idol real bolt owns
    C:\Program Files\Warez P2P Client
    C:\Program Files\Ebates_MoeMoneyMaker



    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
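
The fix list in the reply above mixes orphaned registry entries, autostarts launched from profile folders and a remotely installed ActiveX package. As an added example (not part of the thread and not HijackThis code), this script applies four triage heuristics to a few of the lines quoted in that post; the rule names, the path markers and the list of system binary names are assumptions chosen for illustration.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the HijackThis entries quoted in the reply above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {130D3B55-A9BD-D246-94A8-F88AD8D0F8C2} - C:\WINNT\system32\bbtuwyt.dll (file missing)
O2 - BHO: (no name) - {922B305F-3A3A-C7B3-FDA2-2A9B8B82B9EA} - C:\DOCUME~1\ADMINI~1\APPLIC~1\scrheck\flaponce.exe
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKCU\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in .exe or .dll, quoted or bare.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)(?=["\s]|$)', re.IGNORECASE)

# Assumed markers for per-user, user-writable locations (long and 8.3 names).
USER_WRITABLE = ("\\application data\\", "\\applic~1\\", "\\local settings\\temp\\")
# Assumed short list of Windows binaries that normally live in system32.
SYSTEM_NAMES = {"userinit.exe", "lsass.exe", "svchost.exe", "winlogon.exe",
                "services.exe", "smss.exe", "spoolsv.exe"}


@dataclass
class Finding:
    code: str                      # HijackThis section code (R3, O2, O4, ...)
    path: Optional[str]            # executable or DLL the entry points to
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Parse HijackThis entry lines and attach heuristic reasons to each."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.group("code"), match.group("body")
        path_match = PATH_RE.search(body)
        path = path_match.group(0) if path_match else None
        reasons = []

        # Registry entry survives but its target is gone: leftover hook.
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned")

        if path:
            lowered = path.lower()
            # Browser hooks and autostarts rarely belong in profile folders.
            if any(marker in lowered for marker in USER_WRITABLE):
                reasons.append("user-writable path")
            # A system binary name outside system32 suggests masquerading.
            name = ntpath.basename(lowered)
            folder = ntpath.dirname(lowered)
            if name in SYSTEM_NAMES and not folder.endswith("\\system32"):
                reasons.append("system binary name outside system32")

        # O16 lists downloaded ActiveX packages; plain HTTP sources stand out.
        if code == "O16" and "http://" in body.lower():
            reasons.append("remote install source")

        findings.append(Finding(code, path, reasons))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        label = ", ".join(item.reasons) or "no heuristic hit"
        print(f"{item.code:<4} {label:<55} {item.path or '-'}")
```

The ViewMgr entry passes every check even though the reply lists it for removal, so these heuristics narrow a log down but do not replace the reviewer's judgment.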
     
  7. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    (Installed Norton AV instead of AVG 7)
    Am I safe now? TIA.

    Lee McCoy



    Logfile of HijackThis v1.99.1
    Scan saved at 11:37:47 PM, on 03/03/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\Cpqdiag\Cpqdfwag.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\msdtc.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\WINNT\SYSTEM32\starter.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\WINNT\tppaldr.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Common Files\M?crosoft.NET\??plorer.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINNT\system32\DllHost.exe
    C:\WINNT\System32\cidaemon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [Ydv] C:\Program Files\Common Files\M?crosoft.NET\??plorer.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
    O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
    O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HJT – mark them, close IE, click fix checked

    O4 - HKCU\..\Run: [Ydv] C:\Program Files\Common Files\M?crosoft.NET\??plorer.exe

    Download http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\Common Files\M?crosoft.NET

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
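
The autostart entries that matter in this thread (`Ydv`, whose path is logged with `?` characters, and `Hela`, a `userinit.exe` under Application Data that appears in a later log) can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original posts or of HijackThis itself; the flag names, `SYSTEM_NAMES` and `SYSTEM_DIRS` are assumptions chosen for illustration, and the flags are triage hints for a reviewer, not verdicts.

```python
import re
from dataclasses import dataclass, field
from ntpath import basename, dirname

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Ydv] C:\Program Files\Common Files\M?crosoft.NET\??plorer.exe
O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
"""

# Assumption: names of Windows binaries that malware commonly imitates.
SYSTEM_NAMES = {"explorer.exe", "userinit.exe", "svchost.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "smss.exe"}
# Assumption: Windows roots; the machine in this thread uses C:\WINNT.
SYSTEM_DIRS = (r"c:\winnt", r"c:\windows")

O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.*?)\] (.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat))(?=\s|$)", re.I)
MISSING = "(file missing)"


@dataclass
class Entry:
    section: str                      # "O4" (registry autorun) or "O23" (service)
    name: str                         # value name or service name
    path: str                         # executable path without arguments
    missing: bool = False
    flags: list = field(default_factory=list)


def image_path(command):
    """Strip quotes and arguments, leaving only the executable path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def parse(log):
    """Parse O4 registry Run entries and O23 service entries."""
    entries = []
    for line in (raw.strip() for raw in log.splitlines()):
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m.group(2), image_path(m.group(3))))
        elif line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, _owner, target = parts
            missing = target.endswith(MISSING)
            if missing:
                target = target[:-len(MISSING)]
            entries.append(Entry("O23", name, image_path(target), missing))
    return entries


def in_system_dir(folder):
    return any(folder == d or folder.startswith(d + "\\") for d in SYSTEM_DIRS)


def triage(entry):
    path = entry.path.lower()
    name, folder = basename(path), dirname(path)
    # '?' is not a legal character in a Windows file name, so in a logged path
    # it stands for a character the log could not render (assumption: a
    # non-ANSI lookalike letter).
    if "?" in path:
        entry.flags.append("unrenderable-char")
    # Compare the file name to system names, each '?' matching any one character.
    mask = re.compile("".join("." if c == "?" else re.escape(c) for c in name) + r"\Z")
    looks_like = next((s for s in sorted(SYSTEM_NAMES) if mask.match(s)), None)
    if looks_like and folder and not in_system_dir(folder):
        entry.flags.append("system-name-outside-system-dir:" + looks_like)
    if re.search(r"\\(applic~\d|application data)\\", path):
        entry.flags.append("autostart-from-appdata")
    if entry.missing:
        entry.flags.append("file-missing")
    return entry


def suspicious(log):
    """Return {entry name: flags} for every entry that raised a flag."""
    return {e.name: e.flags for e in map(triage, parse(log)) if e.flags}


if __name__ == "__main__":
    for entry_name, flags in suspicious(SAMPLE_LOG).items():
        print(entry_name, flags)
```
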
     
  9. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    Okay, I've done that, except that Killbox said the Microsoft.NET file was not found.

    On the reboot, Norton also caught bargain buddy and navisearch, which I had not seen before. I removed them, rebooted again, and got the following HJT log. Looks like Hela is back.

    Lee McCoy



    Logfile of HijackThis v1.99.1
    Scan saved at 8:58:24 AM, on 03/04/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\Cpqdiag\Cpqdfwag.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\msdtc.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\WINNT\SYSTEM32\starter.exe
    C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\WINNT\tppaldr.exe
    C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
    O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
    O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  10. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    Ignore that previous post. I made a mistake . . .

    Lee McCoy
     
  11. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    I have now done everything. Six temporary files refuse to be deleted, but I assume that's normal. Killbox would not delete the M?crosoft.NET folder--I had to go in and manually delete it.

    Here is the new HJT log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:41:49 AM, on 03/04/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\Cpqdiag\Cpqdfwag.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\msdtc.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\WINNT\SYSTEM32\starter.exe
    C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\WINNT\tppaldr.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
    O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
    O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Yep fix this

    O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd

    Delete this folder starting with wnsxs....

    C:\Documents and Settings\Administrator\Application Data\wnsxs
    ============
    Run http://www.kaspersky.com/virusscanner - Online scan

    When the scan is finished, save the results from the scan!

    Post a new HiJackThis log along with the results from Kaspersky scan
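
One way to automate the kind of check behind the advice above, as an added example that is not part of the thread or of HijackThis: a Python script that parses the O4 registry autorun lines of a HijackThis log and flags entries whose program runs from a per-user Application Data directory or borrows a Windows system file name outside the system directory. The heuristics, the name and directory lists and the function names are assumptions chosen for illustration; the sample lines are copied from the log posted above.

```python
import ntpath
import re

# HijackThis registry autorun line: "O4 - HKCU\..\Run: [Name] command line"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

# Assumed lists for illustration: names malware commonly borrows, and the
# directories where the genuine files live (WINNT on Windows 2000).
SYSTEM_NAMES = {"userinit.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "smss.exe", "csrss.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\winnt", r"c:\winnt\system32",
               r"c:\windows", r"c:\windows\system32"}

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Hela] "C:\DOCUME~1\ADMINI~1\APPLIC~1\WNSXS~1\userinit.exe" -vt rbnd
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""


def image_path(command):
    """Return the program path from an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]


def findings(path):
    """Return the reasons (possibly none) why an autorun path deserves a closer look."""
    lowered = path.lower()
    parts = lowered.split("\\")
    reasons = []
    # Long and 8.3 short forms of the Windows 2000/XP profile directories.
    in_profile = any(p in parts for p in ("documents and settings", "docume~1"))
    in_appdata = any(p in parts for p in ("application data", "applic~1"))
    if in_profile and in_appdata:
        reasons.append("runs from a per-user Application Data directory")
    name = ntpath.basename(lowered)
    folder = ntpath.dirname(lowered)
    # Bare names such as "ctfmon.exe" have no folder and are resolved via PATH.
    if name in SYSTEM_NAMES and folder and folder not in SYSTEM_DIRS:
        reasons.append("system file name '%s' outside the system directory" % name)
    return reasons


def review_autoruns(log_text):
    """Parse O4 registry autoruns and return only the entries that were flagged."""
    flagged = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue  # Startup-folder lines and other sections are skipped here
        hive, key, name, command = m.groups()
        path = image_path(command)
        reasons = findings(path)
        if reasons:
            flagged.append({"hive": hive, "key": key, "name": name,
                            "path": path, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for entry in review_autoruns(SAMPLE_LOG):
        print("%(hive)s %(key)s [%(name)s] %(path)s" % entry)
        for reason in entry["reasons"]:
            print("    - " + reason)
```

A flagged entry is a prompt for manual review, not a verdict; legitimate software does sometimes start from a profile directory.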
     
  13. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    Thanks again for the help! I "fixed" Hela with HJT and deleted the associated folder. I ran the Kaspersky scan and another HJT. The first part of the Kaspersky log follows:

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, March 04, 2006 6:42:25 PM
    Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 4/03/2006
    Kaspersky Anti-Virus database records: 180114
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 80668
    Number of viruses found: 31
    Number of infected objects: 116
    Number of suspicious objects: 0
    Duration of the scan process: 03:21:16

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]> ... ... /[From US Bank <[email protected]>][Date Sun, 27 Jun 2004 19:55:06 -030 ... /html Infected: Trojan-Spy.HTML.Usbankfraud.a skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]> ... ... /[From US Bank <[email protected]>][Date Sun, 27 Jun 2004 19:55:06 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Usbankfraud.a skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]> ... /[ ... /[From "Chang Varner" <[email protected]>][Date Sat, 26 Jun 2004 20:39:15 -0100]/UNNAMED Infected: Trojan-Spy.HTML.Usbankfraud.a skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]> ... /[From "Gregorio Randle" <[email protected]>][Date Sun, 27 Jun 2004 02:38:26 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Usbankfraud.a skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>] . . ... /[From CitiBank <[email protected]>][Date Thu, 12 Aug 2004 04:03:53 +0600]/html Infected: Trojan-Spy.HTML.Citifraud.ae skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>] . ... /[From "Charla" <[email protected]>][Date Wed, 11 Aug 2004 16:51:07 -0400 (EDT)]/text Infected: Trojan-Spy.HTML.Citifraud.ae skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>] ... /[From "Homer Muller" <[email protected]>][Date Tue, 10 Aug 2004 14:15:04 +0400]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.ae skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>][Date We .. ... /[From "Thurman" <[email protected]>][Date Sun, 29 Aug 2004 13:54:33 -0800]/text Infected: Trojan-Dropper.VBS.Zerolin skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>][Date We ... /[From "Burrell" <[email protected]>][Date Sun, 29 Aug 2004 13:14:11 -0600]/html Infected: Trojan-Dropper.VBS.Zerolin skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[Fr ... / ... /[From "Marlene Fran ... /[From "eBay Help"][Date Sat, 17 Jul 2004 11:04:45 -0700 (PDT)]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[Fr ... / ... /[From "Marlene Franco" <[email protected]>][Date Sun, 31 Oct 2004 12:48:55 -0200]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[Fr ... / ... /[From Mail Administrator <[email protected]>][Date Sun, 31 Oct 2004 09:50:16 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[Fr ... /[From "Antoinette Howard" <[email protected]>][Date Sun, 31 Oct 2004 03:04:36 -0400]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[From "Salv ... ... /[From "Stewart Brock" <[email protected]>][Date Sun, 31 Oct 2004 08:17:21 +0400]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[From "Salv ... /[From "Roger U. Tanner" <[email protected]>][Date Sat, 30 Oct 2004 19:29:26 -0600]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911uf ... /[From "Salvador Pritchard" <[email protected]>][Date Sat, 30 Oct 2004 18:36:00 -0500]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[ ... /[ . ... /[From Lauri Huggins <[email protected]>][Date Sat, 30 Oct 2004 18:51:23 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[ ... /[ ... /[From "Body Antidote" <[email protected]>][Date Sun, 31 Oct 2004 03:34:11 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[ ... /[F .. ... /[From "Mohamed George" <[email protected]>][Date Sat, 30 Oct 2004 08:21:54 -0200]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[ ... /[F ... /[From "Elvie Vicki" <[email protected]>][Date Sat, 30 Oct 2004 02:12:12 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[ ... /[From "Eloise-Padgett" <[email protected]>][Date Fri, 29 Oct 2004 21:21:04 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[From .. ... /[From German Triplett <[email protected]>][Date Sat, 30 Oct 2004 03:14:21 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[From ... /[From "Huerta Lindsey" <[email protected]>][Date Fri, 15 Oct 2004 23:07:47 -0800]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[From ... /[From "Otto Higgins" <[email protected]>][Date Wed, 06 Oct 2004 05:50:55 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <z911ufh ... /[From "Irma William" <[email protected]>][Date Tue, 05 Oct 2004 14:42:13 -0500]/text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected] ... /[F ... /[From "Kelsey Barrow" <[email protected]>][Date Sat, 26 Apr 2003 09:28:04 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected] ... /[From "Brittany Stapleton" <[email protected]>][Date Sun, 05 Sep 2004 21:49:09 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>] ... /[From "Danita Colleen" <[email protected]>][Date Sun, 05 Sep 2004 05:17:36 -060 ... /text Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>] ... /[From "Danita Colleen" <[email protected]>][Date Sun, 05 Sep 2004 05:17:36 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED/[From "Cary Kirkland" <[email protected]>][Date Wed, 12 Nov 03 22:58:32 GMT]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED/[From "Hal Talia" <[email protected]>][Date Wed, 12 Nov 2003 02:53:15 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED/[From "Guy Bates" <[email protected]>][Date Wed, 12 Nov 2003 01:27:43 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED/[From "Annie Head" <[email protected]>][Date Sun, 16 Nov 2003 19:26:32 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash/[From "Adolfo Tompkins" <[email protected]>][Date Wed, 05 Nov 03 01:24:45 GMT]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.s skipped
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\Mail\pop.west.cox-1.net\Trash Mail Berkeley mbox: infected - 34 skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 21:11:20 -0600]/UNNAMED/Details.com Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 21:11:20 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 20:38:48 -0600]/UNNAMED/Information.com Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 20:38:48 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 20:14:30 -0600]/UNNAMED/Document.com Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 02 May 2004 20:14:30 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Tue, 04 May 2004 12:01:07 -0500]/UNNAMED/MoreInfo.com Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Tue, 04 May 2004 12:01:07 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 8 skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Old NCDD.dbx/[From [email protected]][Date Thu, 13 May 2004 08:59:32 -0500]/UNNAMED/Details.exe Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Old NCDD.dbx/[From [email protected]][Date Thu, 13 May 2004 08:59:32 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Old NCDD.dbx/[From [email protected]][Date Wed, 05 May 2004 09:38:43 -0500]/UNNAMED/Readme.com Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Old NCDD.dbx/[From [email protected]][Date Wed, 05 May 2004 09:38:43 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.y skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\Old NCDD.dbx Mail MS Outlook 5: infected - 4 skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\[email protected]/[From "Ee" <[email protected]>][Date Fri, 22 Oct 2004 09:41:36 -0800]/UNNAMED/Joke.scr Infected: Email-Worm.Win32.Bagle.as skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\[email protected]/[From "Ee" <[email protected]>][Date Fri, 22 Oct 2004 09:41:36 -0800]/UNNAMED Infected: Email-Worm.Win32.Bagle.as skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{A35FB336-A4FD-4B06-867B-9C262F262093}\Microsoft\Outlook Express\[email protected] Mail MS Outlook 5: infected - 2 skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/29 Aug 2004 21:06 from Willie Newton:-- Spam -- improve your son.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/25 Aug 2004 22:57 from Chad Jorgensen:-- Spam -- Life experiance.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/25 Aug 2004 22:58 from Chad Jorgensen:-- Spam -- Life experiance.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/09 Aug 2004 02:07 from U.S. Bank:-- Spam -- Official Information.rtf Infected: Trojan-Spy.HTML.Usbankfraud.p skipped
     
  14. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/26 Jul 2004 19:02 from U S Bank:-- Spam -- US Bank info! [%RND_D.rtf Infected: Trojan-Spy.HTML.Usbankfraud.i skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/10 Apr 2004 12:44 from Casino:YOU WON A FREE VACATION!!!!.rtf Infected: Trojan.HTML.Qrap skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 6 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\056562FE.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.MegaSearch.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\056562FE.exe/stream Infected: not-a-virus:AdWare.Win32.MegaSearch.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\056562FE.exe NSIS: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\056562FE.exe CryptFF: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\065605F4.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07457EEE.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\076278CD.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07AD3E7B.dll Infected: not-a-virus:AdWare.Win32.Suggestor.f skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB132F6.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB132F6.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB132F6.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB132F6.zip ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB132F6.zip CryptFF: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18CF01A0.dll Infected: not-a-virus:AdWare.Win32.IWon.e skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D981A12.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DAC15FD.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FF12FC8.dll Infected: not-a-virus:AdWare.Win32.IWon.e skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2966475E.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.b skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36590043.exe/stream/data0001 Infected: Trojan.Win32.Delf.gh skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36590043.exe/stream Infected: Trojan.Win32.Delf.gh skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36590043.exe NSIS: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36590043.exe CryptFF: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365F543C.exe/data0002 Infected: Trojan-PSW.Win32.Agent.h skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365F543C.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365F543C.exe NSIS: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365F543C.exe CryptFF: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0005 Infected: Trojan-Clicker.Win32.VB.ex skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0006/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.p skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe NSIS: infected - 14 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389433CE.exe CryptFF: infected - 14 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389B07C7.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389B07C7.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.h skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389B07C7.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389B07C7.exe NSIS: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389B07C7.exe CryptFF: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50E12311.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\522B33A6.exe/data0002 Infected: not-a-virus:AdWare.Win32.Sahat.z skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\522B33A6.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\522B33A6.exe CryptFF: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A210AE3.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FCE2612.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
    C:\Program Files\Lycos\IEagent\CSSSINST.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.c skipped
    C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll Infected: not-a-virus:AdWare.Win32.Nomeh.a skipped
    C:\Program Files\Oemji\OemjiSearchPlus\sfbnsp.dll Infected: not-a-virus:AdWare.Win32.Nomeh.a skipped
    C:\Program Files\Oemji\Toolbar\OemjiSrc.dll Infected: not-a-virus:AdWare.Win32.Nomeh.a skipped

    Scan process completed.
     
  15. realmccoyDUI

    realmccoyDUI Thread Starter

    Joined:
    Mar 3, 2006
    Messages:
    15
    Logfile of HijackThis v1.99.1
    Scan saved at 6:52:10 PM, on 03/04/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\Cpqdiag\Cpqdfwag.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\msdtc.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\WINNT\SYSTEM32\starter.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\WINNT\tppaldr.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
    C:\WINNT\system32\DllHost.exe
    C:\WINNT\System32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\yhllqh5v.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\SYSTEM32\starter.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: jsdaemon - Unknown owner - c:\progra~1\jetsuite\jsdaemon.exe (file missing)
    O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
    O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
Short URL to this thread: https://techguy.org/447031
