
Solved: Popups from Windows Security Centre - Help

Discussion in 'Virus & Other Malware Removal' started by kaycee72, Aug 7, 2006.

  1. kaycee72

    kaycee72 Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    11
    Hi,

    I keep getting popups from Windows Security Centre about every 5 minutes. It is so annoying. I don't know how to stop this. Here is my HJT logfile. Can anyone help! Thanks in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:32:35 PM, on 7/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak

    Software Updater.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\smartdrv.exe
    C:\WINDOWS\system32\officescan.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX02.718\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://qau10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://qau10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D}

    - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no

    file)
    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no

    file)
    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no

    file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-

    5838F569A31D} - C:\Program

    Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-

    7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

    784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

    \ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} -

    C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no

    file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no

    file)
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no

    file)
    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no

    file)
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no

    file)
    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no

    file)
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -

    C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-

    CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-

    F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no

    file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no

    file)
    O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no

    file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -

    C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -

    C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

    c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

    C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE"

    /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32

    \IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32

    \IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32

    \IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

    Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-

    8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common

    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32

    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card

    Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0

    \OpwareSE2.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program

    Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet

    Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program

    Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BearShare] "C:\Program

    Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1

    \bar\5.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1

    \bar\5.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

    /background
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1

    \Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

    Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0

    \Reader\AdobeUpdateManager.exe AcRdB7_0_8
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1

    \bar\5.bin\mwsoemon.exe
    O4 - Startup: antispysoldier.lnk = C:\Program Files\Antispyware

    Soldier\antispysoldier.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program

    Files\LimeWire\LimeWire.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq

    Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

    Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program

    Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program

    Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software

    Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

    Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program

    Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search -

    http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZB
    O8 - Extra context menu item: &Translate English Word -

    res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page -

    res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program

    Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program

    Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List -

    res://C:\Program Files\Canon\Easy-

    WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print -

    res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program

    Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program

    Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English -

    res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-

    AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

    C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-

    0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-

    BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet

    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) -

    http://static.zangocash.com/cab/Zango/ie/bridge-c8.cab?

    9b91da394bb089c426c4c8fcb2032040a0984db8ccad09aad24d7ebc200f0941a5b810e

    6eae0e4827334f18e895434b50ff31e0c2b0e8f858ddc2e736e:e3eb4becbb5c1ba39dd

    084361d36488e
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

    Corporation - C:\Program Files\Common Files\InstallShield\Driver\11

    \Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman

    Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

    Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend

    Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro

    Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc.

    - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -

    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Hi, welcome to TSG.

    Repost your log again as it is difficult to read; in Notepad click Format and click Word Wrap and that should do it!



    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the Services window find Security Centre.
    Right click and choose "Properties". On the "General" tab under "Service
    Status" click the "Stop" button to stop the service. Beside "Startup Type"
    in the dropdown menu select "Disabled". Click Apply then OK. Exit the
    Services utility.

    Note: You may get an error here when trying to access the properties of the
    service. If you do get an error, just select the service and look there in
    the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


    Go to Add/Remove and uninstall antispysoldier, MyWebSearch and BearShare; delete their folders from c:\program files!


    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.


    Download the pocket killbox

    http://www.bleepingcomputer.com/files/killbox.php



    Download ewido!


    http://www.ewido.net/en/


    * Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    * Once the setup is complete you will need to run Ewido and update the definition files.
    * On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    * Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    * Once in the Settings screen click on "Recommended actions" and then select "Delete"
    * Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"


    Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.



    * Click here to download ATF Cleaner by Atribune and save it to your desktop.

    http://majorgeeks.com/ATF_Cleaner_d4949.html


    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
        o If you use Firefox:
            + Click Firefox at the top and choose: Select All
            + Click the Empty Selected button.
            + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
        o If you use Opera:
            + Click Opera at the top and choose: Select All
            + Click the Empty Selected button.
            + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * Click Exit on the Main menu to close the program.


    * Click here for info on how to boot to safe mode if you don't already know
    how.

    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam



    * Now copy these instructions to notepad and save them to your desktop. You
    will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:



    Have HijackThis fix these entries. Close all browsers and programmes before
    clicking FIX.


    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} -
    C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (nofile)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (nofile)
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (nofile)
    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (nofile)
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (nofile)
    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (nofile)
    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (nofile)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (nofile)
    O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (nofile)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [BearShare] "C:\ProgramFiles\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1
    \bar\5.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1
    \bar\5.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    O4 - Startup: antispysoldier.lnk = C:\Program Files\Antispyware\AntispywareSoldier
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZB



    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
    In the Full Path of File to Delete box, copy and paste each of the following
    lines one at a time then click on the button that has the red circle with the
    X in the middle after you enter each file. It will ask for confirmation to
    delete the file. Click Yes. Continue with that same procedure until you have
    copied and pasted all of these in the Paste Full Path of File to Delete box.



    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.


    C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
    C:\ProgramFiles\BearShare\BearShare.exe
    C:\ProgramFiles\BearShare
    C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    C:\PROGRA~1\MYWEBS~1
    C:\WINDOWS\system32\runsrv32.exe
    C:\WINDOWS\system32\susp.exe
    C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    C:\Program Files\AntispywareSoldier\antispysoldier.exe
    C:\Program Files\AntispywareSoldier




    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.





    Run Ewido!

    # IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    # Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    # Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    # Ewido will now begin the scanning process. Be patient; this may take a little time.
    Once the scan is complete do the following:
    # If you have any infections you will be prompted, then select "Apply all actions"
    # Next select the "Reports" icon at the top.
    # Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    # Close Ewido and reboot your system back into Normal Mode.



    Reboot to normal mode and run a few online scans!


    Make sure your ActiveX controls are set as follows:

    Go to Internet Options - Security - Internet, press 'default level', then OK.
    Now press "Custom Level."

    In the ActiveX section, set the first two options (Download signed and
    unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX
    controls not marked as safe' to 'disable'.


    Active X settings

    http://www.compu-docs.com/activex.htm



    Run ActiveScan online virus scan here

    http://www.pandasoftware.com/products/activescan.htm

    When the scan is finished, have it delete anything that it cannot clean.
    Make a note of the file location of anything that cannot be deleted so you
    can delete it yourself.
    - Save the results from the scan!



    post another hijack this log, the ewido, smitfraud and active scan logs
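
Added example (not part of the original thread and not written by any poster): a Python sketch that rejoins a hard-wrapped HijackThis log like the one in the first post, then checks a fix list against it while ignoring the whitespace differences that copy and paste introduce. The sample text is constructed from lines in this thread; the function names and the line-joining heuristic are assumptions of this example, not HijackThis behaviour.

```python
import re

# Constructed sample: entries copied from the thread's first log, keeping the
# hard wraps and blank lines that made it difficult to read.
WRAPPED_LOG = r"""
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no

file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-

7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32

\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [BearShare] "C:\Program

Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - Startup: antispysoldier.lnk = C:\Program Files\Antispyware

Soldier\antispysoldier.exe
"""

# Constructed sample: four lines from the fix list in the reply above, as posted.
FIX_LIST = r"""
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (nofile)
O4 - HKLM\..\Run: [BearShare] "C:\ProgramFiles\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - Startup: antispysoldier.lnk = C:\Program Files\Antispyware\AntispywareSoldier
"""

# A HijackThis entry starts with a section code such as "R1 - " or "O23 - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def unwrap(log_text):
    """Rejoin wrapped entries; returns one string per R/F/N/O entry.

    Header and "Running processes" lines before the first entry are skipped.
    Heuristic (assumption): a fragment is glued without a space when it starts
    with a backslash or the previous fragment ends in a hyphen that is not the
    " - " field separator (for example a split CLSID); otherwise one space.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            tight = line.startswith("\\") or re.search(r"\S-$", prev)
            entries[-1] = prev + ("" if tight else " ") + line
    return entries


def squash(text):
    """Comparison key that ignores case and all whitespace."""
    return re.sub(r"\s+", "", text).lower()


def orphaned_bhos(entries):
    """CLSIDs of O2 (Browser Helper Object) entries whose file is missing."""
    found = []
    for entry in entries:
        if entry.startswith("O2 - ") and squash(entry).endswith("-(nofile)"):
            match = CLSID.search(entry)
            if match:
                found.append(match.group(0).lower())
    return found


def check_fix_list(entries, fix_list_text):
    """Map each fix-list line to the log entry it matches, or None."""
    index = {squash(e): e for e in entries}
    return {line: index.get(squash(line)) for line in unwrap(fix_list_text)}


if __name__ == "__main__":
    log_entries = unwrap(WRAPPED_LOG)
    print("BHOs with no file on disk:", orphaned_bhos(log_entries))
    for line, hit in check_fix_list(log_entries, FIX_LIST).items():
        print("OK     " if hit else "NO MATCH", line)
```

A fix-list line reported as NO MATCH differs from the log in more than spacing, so it is worth comparing by eye against the entry shown in HijackThis before ticking it.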
     
  3. kerryprance

    kerryprance

    Joined:
    Nov 26, 2004
    Messages:
    43
    I'm having the same problem. These hijackers always seem to find me the minute I get out of work & need web access the most. I can't get ANY of my spyware/malware killer programs to touch this thing. I have even used (new edition) of Ad aware in normal & safe mode with no luck. The main reason I am commenting here is that - in my situation anyway - this has an unusual effect. It has made my System Restore inoperative.??? ( running XP pro) & up till now, that's been my last ditch fix.
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    kerry, start your own thread as it is a bad idea to tag onto someone else's thread. Also post a hijack this log!
     
  5. kaycee72

    kaycee72 Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    11
    Here is the same hijack this logfile.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:32:35 PM, on 7/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\smartdrv.exe
    C:\WINDOWS\system32\officescan.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX02.718\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qau10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qau10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    O4 - Startup: antispysoldier.lnk = C:\Program Files\Antispyware Soldier\antispysoldier.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZB
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zan...858ddc2e736e:e3eb4becbb5c1ba39dd084361d36488e
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  6. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    OK, do the tasks in post 2 and post all the logs!
     
  7. kaycee72

    kaycee72 Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    11
    I did all the tasks the best I could but I couldn't do the Smitfraud scan as it didn't download properly. Here are the other logs though.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:56:43 AM, on 10/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\SHARP\OZ_ZQ-590\sync.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.328\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qau10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qau10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: OZ_ZQ-590 Synchronization Software.lnk = C:\Program Files\SHARP\OZ_ZQ-590\sync.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



    Incident Status Location

    Adware:adware/superspider Not disinfected c:\windows\system32\a.exe
    Adware:adware/alexa-toolbar Not disinfected c:\windows\system32\alxres.dll
    Spyware:spyware/bridge Not disinfected c:\windows\system32\bridge.dll
    Adware:adware/dailytoolbar Not disinfected c:\windows\system32\dailytoolbar.dll
    Adware:adware/admess Not disinfected c:\windows\system32\tcpservice2.exe
    Adware:adware/topspyware Not disinfected c:\windows\system32\txfdb32.dll
    Adware:adware/btgrab Not disinfected c:\windows\BTGrab.dll
    Adware:adware/transponder Not disinfected c:\windows\dlmax.dll
    Spyware:spyware/betterinet Not disinfected c:\windows\susp.exe
    Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
    Potentially unwanted tool:application/adwaresheriff Not disinfected hkey_current_user\software\ADV
    Spyware:spyware/searchcentrix Not disinfected Windows Registry
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
    Adware:adware/savenow Not disinfected Windows Registry
    Adware:adware/wupd Not disinfected Windows Registry
    Adware:adware/clocksync Not disinfected Windows Registry
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt
    Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt
    Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][3].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt
    Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt
    Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt
    Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected]onsor[1].txt
    Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt
    Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt
    Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt
    Virus:Bck/CrackBox Disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Desktop\GAMES\Boogaloopers\Boogaloopers trial kids space game.exe
    Virus:Bck/CrackBox Disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Desktop\GENERAL GAMES\My Documents\Downloads\Games\Boogaloopers trial kids space game.exe
    Virus:Exploit/Mhtredir.gen Disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temporary Internet Files\Content.IE5\6HSBAT25\CAAN0TMJ.HTM
    Virus:JS/Exploit.A Disinfected C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temporary Internet Files\Content.IE5\6HSBAT25\our[1].htm
     
  8. kaycee72

    kaycee72 Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    11
    Here is the ewido log.

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 3:42:18 PM 8/08/2006

    + Scan result:



    HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Cleaned.
    HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Cleaned.
    HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Cleaned.
    HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Cleaned.
    HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Cleaned.
    HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Cleaned.
    C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned.
    C:\WINDOWS\system32\AdCache\B_434_0_0_445900.htm -> Adware.Cydoor : Cleaned.
    C:\WINDOWS\system32\AdCache\B_434_0_0_446000.htm -> Adware.Cydoor : Cleaned.
    C:\WINDOWS\system32\AdCache\B_434_1_0_448500.gif -> Adware.Cydoor : Cleaned.
    C:\WINDOWS\system32\AdCache\B_434_1_0_448500.htm -> Adware.Cydoor : Cleaned.
    C:\WINDOWS\system32\AdCache\B_434_1_0_448600.gif -> Adware.Cydoor : Cleaned.
    C:\WINDOWS\system32\AdCache\B_434_1_0_448600.htm -> Adware.Cydoor : Cleaned.
    C:\WINDOWS\system32\AdCache\B_434_1_0_453800.htm -> Adware.Cydoor : Cleaned.
    C:\WINDOWS\system32\AdCache\B_434_2_0_814200.htm -> Adware.Cydoor : Cleaned.
    C:\WINDOWS\system32\AdCache\B_434_2_0_815600.htm -> Adware.Cydoor : Cleaned.
    C:\WINDOWS\system32\AdCache\B_434_2_0_815900.htm -> Adware.Cydoor : Cleaned.
    HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Cleaned.
    HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Cleaned.
    HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Cleaned.
    HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Cleaned.
    HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Cleaned.
    HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Cleaned.
    HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Cleaned.
    HKLM\SOFTWARE\Classes\CLSID\{B53455DB-5527-4041-AC41-F86E6947AA47} -> Adware.Generic : Cleaned.
    HKLM\SOFTWARE\Classes\Interface\{900FBC20-6AEE-4E05-ABA9-AC46E309C029} -> Adware.Generic : Cleaned.
    HKLM\SOFTWARE\Classes\TypeLib\{8B076501-1D1B-4B26-9492-FDB8EEE00D7F} -> Adware.Generic : Cleaned.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B53455DB-5527-4041-AC41-F86E6947AA47} -> Adware.Generic : Cleaned.
    HKU\S-1-5-21-1171913271-592178611-3987825678-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B53455DB-5527-4041-AC41-F86E6947AA47} -> Adware.Generic : Cleaned.
    HKU\S-1-5-21-1171913271-592178611-3987825678-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B53455DB-5527-4041-AC41-F86E6947AA47} -> Adware.Generic : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temp\ICD1.tmp\hbinstie.dll -> Adware.HotBar : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temp\ICD2.tmp\hbinstie.dll -> Adware.HotBar : Cleaned.
    C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned.
    HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Cleaned.
    C:\Documents and Settings\Owner\Local Settings\Temp\Remover.exe -> Adware.Winad : Cleaned.
    C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned.
    D:\I386\SYSTEM32\notepad.exe.bak -> Downloader.CWS : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temporary Internet Files\Content.IE5\0DCFCVSN\connect[1].htm -> Downloader.Small.ac : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temporary Internet Files\Content.IE5\672ZALMJ\connect[1].htm -> Downloader.Small.ac : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temporary Internet Files\Content.IE5\GRD7YERD\connect[1].htm -> Downloader.Small.ac : Cleaned.
    C:\WINDOWS\system32\voxvkebp.exe -> Downloader.Small.cjk : Cleaned.
    C:\WINDOWS\system32\scvkjjig.exe -> Downloader.Small.djm : Cleaned.
    C:\WINDOWS\system32\thuoetcf.exe -> Downloader.VB.ajp : Cleaned.
    HKU\S-1-5-21-1171913271-592178611-3987825678-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1ZFF1X4E\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4D4H2Z4L\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\X4GJPDWL\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned.
    C:\WINDOWS\system32\office_pnl.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned.
    :mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q529t5gr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q529t5gr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q529t5gr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.370:C:\Documents and Settings\Owner\My Documents\Backup\DAD\Application Data\Mozilla\Firefox\Profiles\ex6mltgy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.375:C:\Documents and Settings\Owner\My Documents\Backup\DAD\Application Data\Mozilla\Firefox\Profiles\ex6mltgy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.376:C:\Documents and Settings\Owner\My Documents\Backup\DAD\Application Data\Mozilla\Firefox\Profiles\ex6mltgy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.377:C:\Documents and Settings\Owner\My Documents\Backup\DAD\Application Data\Mozilla\Firefox\Profiles\ex6mltgy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.378:C:\Documents and Settings\Owner\My Documents\Backup\DAD\Application Data\Mozilla\Firefox\Profiles\ex6mltgy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.379:C:\Documents and Settings\Owner\My Documents\Backup\DAD\Application Data\Mozilla\Firefox\Profiles\ex6mltgy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q529t5gr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q529t5gr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.133:C:\Documents and Settings\Owner\My Documents\Backup\DAD\Application Data\Mozilla\Firefox\Profiles\ex6mltgy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.282:C:\Documents and Settings\Owner\My Documents\Backup\DAD\Application Data\Mozilla\Firefox\Profiles\ex6mltgy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q529t5gr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.332:C:\Documents and Settings\Owner\My Documents\Backup\DAD\Application Data\Mozilla\Firefox\Profiles\ex6mltgy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q529t5gr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q529t5gr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.

    The rest of the log is in the next post as it wouldn't allow the whole log as it was too long.
     
  9. kaycee72

    kaycee72 Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    11
    Here is the rest of the ewido log.

    C:\WINDOWS\system32\aqhdvhvt.flu -> Trojan.Agent.qe : Cleaned.


    ::Report end
     
  10. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Can you download smitfraud again then and run it, even run it in normal mode if you can?



    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find Ewido
    Right click and choose "Properties". On the "General" tab under "Service
    Status" click the "Stop" button to stop the service. Beside "Startup Type"
    in the dropdown menu select "Disabled". Click Apply then OK. Exit the
    Services utility.

    Note: You may get an error here when trying to access the properties of the
    service. If you do get an error, just select the service and look there in
    the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


    You can re-enable this after you are clean!



    * Go to Control Panel > Internet Options. On the General tab under
    "Temporary Internet Files" Click "Delete Files". Put a check by "Delete
    Offline Content" and click OK. Click on the "Delete Cookies" button to clear
    the cookies.


    To block cookies in IE.

    Go to view/privacy report/highlight the offending cookie/click summary/
    and choose never allow this site to use cookies/ click ok and exit! This
    will block all tracking cookies from being set on your computer!


    For Mozilla

    To block cookies in mozilla and stop them from coming back click on
    tools/ options/privacy/click view cookies, you will now see a
    list of cookies, click on all the cookies to delete that you don't want
    to keep! You can view all the blocked cookies by clicking exceptions!



    Have HijackThis fix these entries. Close all browsers and programmes before
    clicking FIX.


    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)



    Double-click on Killbox.exe to run it. Now put a tick by Delete on
    Reboot. In the "Full Path of File to Delete" box, copy and paste each
    of the following lines one at a time then click on the button that has
    the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file on next reboot. Click
    Yes. It will then ask if you want to reboot now. Click No. Continue
    with that same procedure until you have copied and pasted all of
    these in the "Paste Full Path of File to Delete" box. Then click yes
    to reboot after you entered the last one.


    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.



    c:\windows\system32\a.exe
    c:\windows\system32\alxres.dll
    c:\windows\system32\bridge.dll
    c:\windows\system32\dailytoolbar.dll
    c:\windows\system32\tcpservice2.exe
    c:\windows\system32\txfdb32.dll
    c:\windows\BTGrab.dll
    c:\windows\dlmax.dll
    c:\windows\susp.exe
    c:\program files\FunWebProducts




    go to this site and download these tools and once you get both
    adaware Se 1.6 and spybot, update both of them.

    Set adaware to do a full system scan and deselect, "search for negligible risk
    entries". Click next to start the scan. Delete everything adaware finds.

    reboot and now run spybot

    Spybot: Search and destroy.

    Delete what spybot finds marked in red. After updating spybot hit the
    immunize button.



    Download Superantispyware.

    http://www.superantispyware.com/


    Once downloaded and installed update the definitions
    and then run a full system scan and quarantine what it finds!



    All tools can be downloaded at the link below and found on that page!

    . SUPERAntiSpyware
    . SpyBot search and destroy
    . AdAware SE personal


    http://www.majorgeeks.com/downloads31.html



    Run an online antivirus check from

    http://www.kaspersky.com/virusscanner

    choose extended database for the scan!


    post another log and the kaspersky log!
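
Added example, not part of the post above or of HijackThis itself: a small triage script that pulls the entry lines out of a pasted HijackThis log, lists BHO registrations printed with "(no file)" (the kind of O2 entries in the fix list above), and shows whether an F2 UserInit value chains any program after userinit.exe. The function names are hypothetical; the sample lines are copied from this thread, and one F2 line is constructed and labelled as such.

```python
import re
from collections import Counter, namedtuple

# Lines copied from the HijackThis logs and fix list in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
"""

# Constructed line (not from the thread): a second program chained after userinit.exe.
CONSTRUCTED_F2 = (
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"
    r"C:\WINDOWS\system32\constructed-example.exe"
)

# An entry line is a section code (R0, F2, O4, ...) followed by " - " and the body.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# O2 body: "BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^BHO:\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.+)$"
)
# F2 body for the Winlogon UserInit value.
USERINIT_RE = re.compile(r"^REG:system\.ini:\s*UserInit=(?P<value>.*)$", re.I)

Entry = namedtuple("Entry", "code body")
Bho = namedtuple("Bho", "name clsid path")


def parse_entries(log_text):
    """Return the entry lines of a log, skipping the header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def section_counts(entries):
    """Number of entries per section code, for a quick overview of the log."""
    return dict(Counter(e.code for e in entries))


def orphaned_bhos(entries):
    """O2 entries that HijackThis prints with '(no file)' instead of a DLL path."""
    found = []
    for e in entries:
        if e.code != "O2":
            continue
        m = BHO_RE.match(e.body)
        if m and m.group("path").strip().lower() == "(no file)":
            found.append(Bho(m.group("name"), m.group("clsid"), m.group("path")))
    return found


def userinit_extras(entries):
    """Programs listed in an F2 UserInit value other than userinit.exe.

    UserInit is a comma-separated list of programs run at logon, so anything
    besides userinit.exe deserves a closer look.
    """
    extras = []
    for e in entries:
        if e.code != "F2":
            continue
        m = USERINIT_RE.match(e.body)
        if not m:
            continue
        for prog in m.group("value").split(","):
            prog = prog.strip().strip('"')
            if prog and not prog.lower().endswith("\\userinit.exe"):
                extras.append(prog)
    return extras


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print("entries per section:", section_counts(entries))
    for bho in orphaned_bhos(entries):
        print("BHO with no file:", bho.clsid)
    print("extra UserInit programs (thread log):", userinit_extras(entries))
    print("extra UserInit programs (constructed):",
          userinit_extras(parse_entries(CONSTRUCTED_F2)))
```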
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,060
    Can you tell me what the current situation is here? Do you still require assistance?
     
  12. kaycee72

    kaycee72 Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    11
    Sorry, but I have been away. I have done nearly everything that you suggested on the previous reply, but I still cannot download Smitfraud for whatever reason. But anyway, here are the two logs that you requested:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:33:30 PM, on 20/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\SHARP\OZ_ZQ-590\sync.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.219\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qau10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qau10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: OZ_ZQ-590 Synchronization Software.lnk = C:\Program Files\SHARP\OZ_ZQ-590\sync.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  13. kaycee72

    kaycee72 Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    11
    Here is the second log.

    KASPERSKY ONLINE SCANNER REPORT
    Sunday, August 20, 2006 4:32:37 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 20/08/2006
    Kaspersky Anti-Virus database records: 216525


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\
    E:\
    F:\
    K:\
    L:\
    M:\
    N:\
    O:\

    Scan Statistics
    Total number of scanned objects 188266
    Number of viruses found 21
    Number of infected objects 60 / 0
    Number of suspicious objects 0
    Duration of the scan process 02:04:06

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Owner\Application Data\Motive\Acme\plugin\log\pchbtn.log Object is locked skipped

    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\hsperfdata_Owner\1532 Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temp\delwbi.tmp Infected: not-a-virus:Dialer.Win32.gen skipped

    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temporary Internet Files\Content.IE5\4L8XYZOL\prompt[2].php Infected: Trojan-Downloader.JS.IstBar.j skipped

    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temporary Internet Files\Content.IE5\6HSBAT25\prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.b skipped

    C:\Documents and Settings\Owner\My Documents\Backup\DAD\Local Settings\Temporary Internet Files\Content.IE5\Z9XVGMXS\activ-x[1].htm Infected: Exploit.HTML.CodeBaseExec skipped

    C:\Documents and Settings\Owner\My Documents\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\Owner\My Documents\SmitfraudFix.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

    C:\Downloads\BSINSTALL.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped

    C:\Downloads\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped

    C:\Downloads\BSINSTALL.exe WiseSFX: infected - 2 skipped

    C:\Downloads\BSINSTALL.exe WiseSFX Dropper: infected - 2 skipped

    C:\Downloads\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Downloads\SmitfraudFix.zip ZIP: infected - 1 skipped

    C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chandir.dat Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chandir.idx Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chn.dat Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chn.idx Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\D0000000.FCS Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\inuse.txt Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\L0000002.FCS Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\main.log Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs.dat Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs.idx Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_die.dat Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_die.idx Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_dnd.dat Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_dnd.idx Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_ext.dat Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_ext.idx Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_rcv.dat Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_rcv.idx Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\storydb.dat Object is locked skipped

    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\storydb.idx Object is locked skipped

    C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped

    C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000011.FCS Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped

    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP293\A0042839.exe/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP293\A0042839.exe CAB: infected - 1 skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP293\A0042841.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP293\A0042841.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP293\A0042841.exe WiseSFX: infected - 2 skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP293\A0042841.exe WiseSFX Dropper: infected - 2 skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP304\A0046111.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch.as skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP304\A0046111.exe CAB: infected - 1 skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP308\A0047516.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch.as skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP308\A0047516.exe CAB: infected - 1 skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048550.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048551.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048552.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048553.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048554.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048555.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.w skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048556.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048558.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048559.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048560.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048562.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048563.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048564.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048565.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048566.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048567.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048568.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048570.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.w skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048571.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048573.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048574.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.as skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048575.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048577.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048590.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048591.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048592.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048593.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048594.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048595.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048596.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048597.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048620.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP313\A0048627.exe Infected: Trojan-Downloader.Win32.VB.ajp skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP324\A0050438.exe Infected: not-virus:Hoax.Win32.Renos.eh skipped

    C:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP324\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,060
    I see Smitfraudfix is downloaded to your desktop. What happens when you try to unzip it? Do you get an error message or does your anti-virus program pop up an alert? It's possible Trend may have deleted one of the core files.
     
  15. kaycee72

    kaycee72 Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    11
    Hi,

    When I open SmitfraudFix this is the message that I get:

    SmitFraudFix v2.81

    Fichier Process.exe absent !
    Dezippez la totalité de l'archive dans un dossier.

    Process.exe file missing !
    Unzip all the archive in a folder.

    Press any key to continue . . .

    This is when I open the SmitFraudFix.cmd file.

    I hope this helps.
     

Short URL to this thread: https://techguy.org/490102
