Help with Hijack This Log

Discussion in 'Computer Support' started by mjryan@firstinsurancefunding.com, Aug 24, 2005.

  1. Guest

    My friend's computer has been rendered useless by spyware and other
    junk. It has gotten so bad that she can not even boot her XP machine in
    normal mode. I booted it up in safe mode and ran hijack this. Can
    someone look at the log file and see if you can spot anything that
    should be removed. Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:03:03 PM, on 8/22/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.exe
    C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\Temporary Directory 1 for
    hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://us9.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital
    Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program
    Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
    Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
    O4 - HKLM\..\Run: [2zm] C:\documents and settings\owner\local
    settings\temp\2zm.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HE] C:\documents and settings\owner\local
    settings\temp\HE.exe
    O4 - HKLM\..\Run: [SyAL] C:\documents and settings\owner\local
    settings\temp\SyAL.exe
    O4 - HKLM\..\Run: [anJXbHi] C:\documents and settings\owner\local
    settings\temp\anJXbHi.exe
    O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe \RESET
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
    Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
    Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [0nt] C:\documents and settings\owner\local
    settings\temp\0nt.exe
    O4 - HKLM\..\Run: [9yEl] C:\documents and settings\owner\local
    settings\temp\9yEl.exe
    O4 - HKLM\..\Run: [Yx] C:\documents and settings\owner\local
    settings\temp\Yx.exe
    O4 - HKLM\..\Run: [o0zEGl] C:\documents and settings\owner\local
    settings\temp\o0zEGl.exe
    O4 - HKLM\..\Run: [zUkpoi5] C:\documents and settings\owner\local
    settings\temp\zUkpoi5.exe
    O4 - HKLM\..\Run: [xaKi7Ry] C:\documents and settings\owner\local
    settings\temp\xaKi7Ry.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegdz32.exe
    O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE
    C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
    E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [dfef79cb44d3] C:\WINDOWS\system32\cards169.exe
    O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [uFmV3tT] hpvntfy.exe
    O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
    O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
    O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program
    Files\UWFX5LP_0001_0803NetInstaller.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kpksps.exe reg_run
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [ssjvfwu] C:\WINDOWS\system32\jmibhw.exe r
    O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: AutoTBar.exe
    O4 - Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe
    O4 - Startup: spamsubtract.lnk = C:\Program
    Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: dadi.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates
    from HP\137903\Program\BackWeb-137903.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
    Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
    C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) -
    http://www.icannnews.com/app/ST/ActiveX.ocx
    O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096838000857
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    -
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123255882328
    O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller
    Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
    O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
    http://www.pacimedia.com/install/pcs_0023.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX
    Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} -
    C:\Program Files\Cas\Client\casmf.dll
    O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\aticap32.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
    Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec
    Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    , Aug 24, 2005
    #1

  2. Guest

    wrote:

    |>My friend's computer has been rendered useless by spyware and other
    |>junk. It has gotten so bad that she can not even boot her XP machine in
    |>normal mode. I booted it up in safe mode and ran hijack this. Can
    |>someone look at the log file and see if you can spot anything that
    |>should be removed. Thanks.

    |>F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    Friend's got nail - a bad one

    If you wait a bit it's likely pcbutts1 will give detailed instructions
    for its removal.

    --

    http://www.albinoblacksheep.com/flash/bunny.php
    , Aug 24, 2005
    #2

  3. pcbutts1 Guest

    Follow the instructions below; when finished, post another HJT log.
    Please download ewido security suite; it is a free version of the program.
    http://www.pcbutts1.com/downloads/ewidosetup.exe
    Install ewido security suite.
    When installing, under "Additional Options" uncheck:
    Install background guard
    Install scan via context menu
    Launch ewido, there should be an icon on your desktop, double-click it.
    The program will now open to the main screen.
    When you run ewido for the first time, you will get a warning "Database
    could not be found!". Click OK. We will fix this in a moment.
    You will need to update ewido to the latest definition files.
    On the left hand side of the main screen click update.
    Then click on Start Update.
    The update will start and a progress bar will show the updates being
    installed.
    (the status bar at the bottom will display "Update successful")
    Exit ewido. DO NOT SCAN YET.

    Download CCleaner and install it, but do not run it yet.
    http://www.pcbutts1.com/downloads/ccsetup122.exe

    Please download this file: Revised Installer for the Nailfix Utility
    http://www.pcbutts1.com/downloads/nailfix1.exe
    Save it to your desktop.
    DO NOT RUN IT YET.

    Next configure Windows to show all files

    Do one of the following:
    In Windows XP, on the taskbar, click Start > My Computer.
    In Windows 2000/Me/98, on the Windows desktop, double-click the My Computer
    icon.
    Do one of the following:
    In Windows XP/2000/Me, on the Tools menu, click Folder Options.
    In Windows 98, on the View menu, click Folder Options.
    On the View tab, uncheck Hide file extensions for known file types.
    Do one of the following:
    In Windows XP/2000/Me, uncheck Hide protected operating system files. Then,
    under the "Hidden files" folder, click Show hidden files and folders.
    In Windows 98, in the Advanced Settings box, under the "Hidden files"
    folder, click Show all files.
    If you see a warning message, click Yes.
    Click Apply.
    Click OK.

    Next, please reboot your computer in Safe Mode by doing the following:
    Restart your computer. After hearing your computer beep once during startup,
    but before the Windows icon appears, press F8. Instead of Windows loading as
    normal, a menu should appear.
    Select the first option, to run Windows in Safe Mode.
    Once in Safe Mode, please double-click on nailfix.exe.
    Click "Next" in the setup
    Make sure "Run Nailfix" is checked and click "Finish".
    Your desktop and icons will disappear and reappear, and a window should open
    and close very quickly --- this is normal.

    Now open ewido and do a scan of your system.
    Click on scanner
    Click on Complete System Scan and the scan will begin.
    NOTE: During some scans with ewido it is finding cases of false positives.**
    You will need to step through the process of cleaning files one-by-one.
    If ewido detects a file you KNOW to be legitimate, select none as the
    action.
    DO NOT select "Perform action on all infections"
    If you are unsure of any entry found select none for now as the action.
    Once the scan has completed, there will be a button located on the bottom of
    the screen named Save report
    Click Save report.
    Save the report .txt file to your desktop or a location where you can find
    it easily.
    **(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere
    and the game "Risk")

    Download HijackThis http://www.pcbutts1.com/downloads/HijackThis.zip
    Now run HijackThis, click Scan, and place a checkmark next to each of the
    following items:

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    Close all open windows except for HJT, then click the Fix Checked button.
    Close HJT.

    Locate and delete the following File
    C:\WINDOWS\Nail.exe
    For Windows NT or 2000 it would be
    C:\winnt\Nail.exe

    Now run CCleaner
    Uncheck "Cookies" under "Internet Explorer".
    If running Firefox: click on the "Applications" tab and uncheck "Cookies"
    under "Firefox".
    Click on Run Cleaner in the lower right-hand corner. This can take quite a
    while to run.

    Finally, restart your computer in normal mode and please post a new
    HijackThis log, as well as the report log from the Ewido scan by using Add
    Reply.

    If IE is not working, the links I gave you are direct download links and
    should work. If they don't then paste them into another browser or explorer
    window. If you have no other browser then email me with a valid email
    address and I will send you one. We will fix IE after all the spyware is
    gone.



    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    > My friend's computer has been rendered useless by spyware and other
    > junk. It has gotten so bad that she can not even boot her XP machine in
    > normal mode. I booted it up in safe mode and ran hijack this. Can
    > someone look at the log file and see if you can spot anything that
    > should be removed. Thanks.
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 7:03:03 PM, on 8/22/2005
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    pcbutts1, Aug 24, 2005
    #3
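
Added example (not part of any post in this thread, and not HijackThis's own code): a small triage script for a HijackThis log pasted into a forum, which rejoins the hard-wrapped lines, flags an F2 `Shell=` value that launches anything besides Explorer.exe and O4 autoruns that start from a Temp folder, and then checks a follow-up log for findings that are still present. The function names, the finding labels and the Temp-folder heuristic are assumptions of this example, and the sample log is constructed from lines shaped like those posted above.

```python
import re

# One HijackThis entry: section code (R0, F2, O4, O23, ...), " - ", then the text.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Constructed sample in the shape of the log posted in this thread,
# including the forum's hard line wrapping.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us9.hpwis.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [2zm] C:\documents and settings\owner\local
settings\temp\2zm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
"""

# Constructed follow-up log: the same entries after the F2 line was fixed.
SAMPLE_AFTER = "\n".join(
    l for l in SAMPLE_LOG.splitlines() if not l.startswith("F2 - ")
)


def parse_entries(log_text):
    """Return [(code, text)] with wrapped continuation lines rejoined.

    Assumption: the forum wrapped lines at a space, so a continuation is
    appended with a single space. A blank line ends the current entry.
    """
    entries = []
    open_entry = False
    for raw in log_text.splitlines():
        # Strip indentation and reply quote markers such as "> " or "|>".
        line = re.sub(r"^(\|?>+\s*)+", "", raw.strip())
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2).strip()])
            open_entry = True
        elif line and open_entry:
            entries[-1][1] += " " + line
        else:
            open_entry = False
    return [tuple(e) for e in entries]


def triage(entries):
    """Return [(code, label, detail)] for entries worth a closer look."""
    findings = []
    for code, text in entries:
        if code == "F2":
            # The shell value should name Explorer.exe and nothing else.
            m = re.search(r"Shell=(.*)", text, re.IGNORECASE)
            if m and m.group(1).strip().lower() != "explorer.exe":
                findings.append((code, "shell-not-default", m.group(1).strip()))
        elif code == "O4":
            # Registry autoruns look like: <key>: [<name>] <command line>
            m = re.match(r"(.*?): \[(.*?)\] (.*)", text)
            # Heuristic of this example: an autorun started from a Temp folder.
            if m and re.search(r"\\temp\\", m.group(3), re.IGNORECASE):
                findings.append((code, "autorun-from-temp", m.group(2)))
    return findings


def unresolved(before_log, after_log):
    """Findings from the first log that also appear in the follow-up log."""
    after = set(triage(parse_entries(after_log)))
    return [f for f in triage(parse_entries(before_log)) if f in after]


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print("flagged:", finding)
    for finding in unresolved(SAMPLE_LOG, SAMPLE_AFTER):
        print("still present after fix:", finding)
```

A flagged entry is a lead to verify by hand, not a verdict: legitimate installers sometimes register autoruns too, and the script only reads the log text.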
  4. 7 Guest

    wrote:

    > My friend's computer has been rendered useless by spyware and other
    > junk. It has gotten so bad that she can not even boot her XP machine in



    You just get drawn into it deeper and deeper until you re-install.
    Instead of all the hassle, try liveCDs http://www.livecdlist.com/
    LiveCDs like Mepis, knoppix, DSL, Kanotix are all free and allow you
    to boot up and surf without all that hard work involved in fixing
    your PC which is only gonna get broken a few minutes later.
    And if you start learning how it all works, then you
    can install to hard disk, and then you can have dual boot.
    7, Aug 24, 2005
    #4
  5. pcbutts1 Guest

    7, do you want gay sex again?


    --

    "Instead of trying to bash me you should try to learn from me and
    archive my posts so you can better help people in the future. If you don't
    understand something I post then ask me my email is valid."

    -
    -




    7 wrote:
    > wrote:
    >
    >> My friend's computer has been rendered useless by spyware and other
    >> junk. It has gotten so bad that she can not even boot her XP machine
    >> in

    >
    >
    > You just get drawn into it deeper and deeper until you re-install.
    > Instead of all the hassle, try liveCDs http://www.livecdlist.com/
    > LiveCDs like Mepis, knoppix, DSL, Kanotix are all free and allow you
    > to boot up and surf without all that hard work involved in fixing
    > your PC which is only gonna get broken a few minutes later.
    > And if you start learning how it all works, then you
    > can install to hard disk, and then you can have dual boot.


    --
    pcbutts1, Aug 24, 2005
    #5
  6. Rebecca Guest

    wrote:
    > wrote:
    >
    >>> My friend's computer has been rendered useless by spyware and other
    >>> junk. It has gotten so bad that she can not even boot her XP
    >>> machine in normal mode. I booted it up in safe mode and ran hijack
    >>> this. Can someone look at the log file and see if you can spot
    >>> anything that should be removed. Thanks.

    >
    >>> F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    >
    > Friend's got nail - a bad one


    http://netrn.net/spywareblog/archives/2005/05/10/got-aurora-nailexe/

    >
    > If you wait a bit it's likely pcbutts1 will give detailed instructions
    > for its removal.


    **** the butthead, do it yourself.

    --
    Rebecca, Aug 24, 2005
    #6
  7. pcbutts1 Guest

    You posted a link to a site that uses my fix instructions, thank you very
    much Rebitcha.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    "Rebecca" <> wrote in message
    news:dejt4h.3so.1@133.256.1.103.MISMATCH...
    > wrote:
    >> wrote:
    >>
    >>>> My friend's computer has been rendered useless by spyware and other
    >>>> junk. It has gotten so bad that she can not even boot her XP
    >>>> machine in normal mode. I booted it up in safe mode and ran hijack
    >>>> this. Can someone look at the log file and see if you can spot
    >>>> anything that should be removed. Thanks.

    >>
    >>>> F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    >>
    >> Friend's got nail - a bad one

    >
    > http://netrn.net/spywareblog/archives/2005/05/10/got-aurora-nailexe/
    >
    >>
    >> If you wait a bit it's likely pcbutts1 will give detailed instructions
    >> for its removal.

    >
    > **** the butthead, do it yourself.
    >
    > --
    >
    >
    pcbutts1, Aug 24, 2005
    #7
  8. PC Guest

    <> wrote in message
    news:...
    > My friend's computer has been rendered useless by spyware and other
    > junk. It has gotten so bad that she can not even boot her XP machine in
    > normal mode. I booted it up in safe mode and ran hijack this. Can
    > someone look at the log file and see if you can spot anything that
    > should be removed. Thanks.
    >

    big snip
    >



    PCbutts1 has given you some excellent advice to counter the 'spyware'
    affecting your friend's PC.

    However, may I suggest the alternative option of using the recovery disk and
    starting afresh.
    (it is an HP isn't it?)

    Reasoning is:
    1 If the PC is that badly affected it is going to take a lot of work to get
    it right, meaning hours and possibly days.
    2 Even if you do 'clean it out' the PC is still likely to be 'tender' (think
    of a rebuilt car after a bad smash)
    3 Restoring from the recovery disks is usually under an hour and fairly
    automated.
    4 You are able to boot to Safe mode to rescue any data.

    I would suggest trying PCbutts1's techniques for (say) half an hour; if you
    haven't 'nailed it' (pun intended) in that time you are heading for a long
    session.

    Cheers
    Paul.
    PC, Aug 25, 2005
    #8
  9. Guest

    PCBUTTS,
    I tried your solutions and this is where we are. See below:

    Hi Mike,

    Where to begin...

    Okay, so I ran Lavasoft which really didn't find anything. Then I ran
    Spybot which found and 'fixed' 2 more, "CallingHome.biz" and
    "Adware.zioCom.B".

    Then I rebooted the machine normally and the desktop icons actually
    appeared!!!, and then a bunch of errors:

    3 RUNDLL errors in loading programs:

    E6F18738.DLL
    c:\windows\cfgmgr52.dll
    AUNPS2.DLL

    Then the following programs had errors and needed to close:

    cards169.exe
    winlogon.exe
    Internet Explorer

    In the meantime, Ewido found 4 more problems and "blocked" them.

    Then I got a message about the System Configuration Utility which said
    I made changes to the way windows starts. Currently in Diagnostic or
    Selective Startup. Choose normal start up to undo changes in the
    system configuration utility. Should I do that?

    Now, new windows keep popping up and freezing the machine.

    Just re-ran Spybot and it found 8 problems including AbetterInternet
    and Tango.

    Hmm...

    Here are the log files:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:28:42 AM, on 8/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\Temporary Directory 1 for
    hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://us9.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital
    Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program
    Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
    Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
    O4 - HKLM\..\Run: [2zm] C:\documents and settings\owner\local
    settings\temp\2zm.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HE] C:\documents and settings\owner\local
    settings\temp\HE.exe
    O4 - HKLM\..\Run: [SyAL] C:\documents and settings\owner\local
    settings\temp\SyAL.exe
    O4 - HKLM\..\Run: [anJXbHi] C:\documents and settings\owner\local
    settings\temp\anJXbHi.exe
    O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe \RESET
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
    Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
    Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [0nt] C:\documents and settings\owner\local
    settings\temp\0nt.exe
    O4 - HKLM\..\Run: [9yEl] C:\documents and settings\owner\local
    settings\temp\9yEl.exe
    O4 - HKLM\..\Run: [Yx] C:\documents and settings\owner\local
    settings\temp\Yx.exe
    O4 - HKLM\..\Run: [o0zEGl] C:\documents and settings\owner\local
    settings\temp\o0zEGl.exe
    O4 - HKLM\..\Run: [zUkpoi5] C:\documents and settings\owner\local
    settings\temp\zUkpoi5.exe
    O4 - HKLM\..\Run: [xaKi7Ry] C:\documents and settings\owner\local
    settings\temp\xaKi7Ry.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegdz32.exe
    O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE
    C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
    E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [dfef79cb44d3] C:\WINDOWS\system32\cards169.exe
    O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [uFmV3tT] hpvntfy.exe
    O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
    O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
    O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program
    Files\UWFX5LP_0001_0803NetInstaller.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kpksps.exe reg_run
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [ssjvfwu] C:\WINDOWS\system32\jmibhw.exe r
    O4 - HKLM\..\Run: [MSConfig]
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [wmgmin] C:\WINDOWS\system32\w130713.Stub.EXE
    O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: AutoTBar.exe
    O4 - Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe
    O4 - Startup: spamsubtract.lnk = C:\Program
    Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: dadi.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates
    from HP\137903\Program\BackWeb-137903.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
    Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
    C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) -
    http://www.icannnews.com/app/ST/ActiveX.ocx
    O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096838000857
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    -
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123255882328
    O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller
    Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
    O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
    http://www.pacimedia.com/install/pcs_0023.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX
    Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} -
    C:\Program Files\Cas\Client\casmf.dll
    O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\aticap32.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks -
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program
    Files\ewido\security suite\ewidoguard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
    Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec
    Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    I am trying to get a copy of the ewido logs and will post when I get
    it. Please advise, thanks.
    , Aug 27, 2005
    #9
  10. Guest

    I have also tried to run the A better Internet fix from Symantec. It
    said that it did not find anything.
    , Aug 27, 2005
    #10
  11. pcbutts1 Guest

    Nail is gone, but it does not look like you ran Crap Cleaner. Have HijackThis
    fix the following lines, then run Crap Cleaner before you reboot.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://us9.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
    O4 - HKLM\..\Run: [2zm] C:\documents and settings\owner\local
    settings\temp\2zm.exe
    O4 - HKLM\..\Run: [HE] C:\documents and settings\owner\local
    settings\temp\HE.exe
    O4 - HKLM\..\Run: [SyAL] C:\documents and settings\owner\local
    settings\temp\SyAL.exe
    O4 - HKLM\..\Run: [anJXbHi] C:\documents and settings\owner\local
    settings\temp\anJXbHi.exe
    O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe \RESET
    O4 - HKLM\..\Run: [0nt] C:\documents and settings\owner\local
    settings\temp\0nt.exe
    O4 - HKLM\..\Run: [9yEl] C:\documents and settings\owner\local
    settings\temp\9yEl.exe
    O4 - HKLM\..\Run: [Yx] C:\documents and settings\owner\local
    settings\temp\Yx.exe
    O4 - HKLM\..\Run: [o0zEGl] C:\documents and settings\owner\local
    settings\temp\o0zEGl.exe
    O4 - HKLM\..\Run: [zUkpoi5] C:\documents and settings\owner\local
    settings\temp\zUkpoi5.exe
    O4 - HKLM\..\Run: [xaKi7Ry] C:\documents and settings\owner\local
    settings\temp\xaKi7Ry.exe
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegdz32.exe
    O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE
    C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
    E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [dfef79cb44d3] C:\WINDOWS\system32\cards169.exe
    O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [uFmV3tT] hpvntfy.exe
    O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
    O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
    O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program
    Files\UWFX5LP_0001_0803NetInstaller.exe"
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kpksps.exe reg_run
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [ssjvfwu] C:\WINDOWS\system32\jmibhw.exe r
    O4 - HKLM\..\Run: [MSConfig]
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [wmgmin] C:\WINDOWS\system32\w130713.Stub.EXE
    O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
    O4 - Startup: spamsubtract.lnk = C:\Program
    Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: dadi.exe

    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) -
    http://www.icannnews.com/app/ST/ActiveX.ocx
    O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) -
    O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller
    Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
    O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
    http://www.pacimedia.com/install/pcs_0023.exe
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX
    Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    Post another hjt log and make sure you run Crap Cleaner; most of that stuff
    is loading from your temp files.
    http://www.pcbutts1.com/downloads/ccsetup122.exe

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    > PCBUTTS,
    > I tried your solutions and this is where we are. See below:
    >
    > Hi Mike,
    >
    > Where to begin...
    >
    > Okay, so I ran Lavasoft which really didn't find anything. Then I ran
    > Spybot which found and 'fixed' 2 more, "CallingHome.biz" and
    > "Adware.zioCom.B".
    >
    > Then I rebooted the machine normally and the desktop icons actually
    > appeared!!!, and then a bunch of errors:
    >
    > 3 RUNDLL errors in loading programs:
    >
    > E6F18738.DLL
    > c:\windows\cfgmgr52.dll
    > AUNPS2.DLL
    >
    > Then the following programs had errors and needed to close:
    >
    > cards169.exe
    > winlogon.exe
    > Internet Explorer
    >
    > In the meantime, Ewido found 4 more problems and "blocked" them.
    >
    > Then I got a message about the System Configuration Utility which said
    > I made changes to the way windows starts. Currently in Diagnostic or
    > Selective Startup. Choose normal start up to undo changes in the
    > system configuration utility. Should I do that?
    >
    > Now, new windows keep popping up and freezing the machine.
    >
    > Just re-ran Spybot and it found 8 problems including AbetterInternet
    > and Tango.
    >
    > Hmm...
    >
    > Here are the log files:
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 11:28:42 AM, on 8/27/2005
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    > Running processes:
    > C:\WINDOWS\System32\smss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\system32\services.exe
    > C:\WINDOWS\system32\lsass.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\system32\rundll32.exe
    > C:\WINDOWS\explorer.exe
    > C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\Temporary Directory 1 for
    > hijackthis.zip\HijackThis.exe
    >
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    > about:blank
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    > http://us9.hpwis.com/
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    > about:blank
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    > about:blank
    > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    > Settings,ProxyOverride = localhost
    > R3 - Default URLSearchHook is missing
    > O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    > C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    > O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    > O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    > O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital
    > Imaging\\Unload\hpqcmon.exe
    > O4 - HKLM\..\Run: [HPHUPD05] c:\Program
    > Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    > O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    > Files\Real\Update_OB\realsched.exe" -osboot
    > O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    > O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    > C:\WINDOWS\System32\NvCpl.dll,NvStartup
    > O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    > O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
    > Reader\shwicon2k.exe
    > O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    > C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    > O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    > Jukebox\mmtask.exe
    > O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    > O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
    > O4 - HKLM\..\Run: [2zm] C:\documents and settings\owner\local
    > settings\temp\2zm.exe
    > O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    > O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    > O4 - HKLM\..\Run: [HE] C:\documents and settings\owner\local
    > settings\temp\HE.exe
    > O4 - HKLM\..\Run: [SyAL] C:\documents and settings\owner\local
    > settings\temp\SyAL.exe
    > O4 - HKLM\..\Run: [anJXbHi] C:\documents and settings\owner\local
    > settings\temp\anJXbHi.exe
    > O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe \RESET
    > O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
    > Update\HPWuSchd2.exe"
    > O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
    > Files\HP\hpcoretech\hpcmpmgr.exe"
    > O4 - HKLM\..\Run: [0nt] C:\documents and settings\owner\local
    > settings\temp\0nt.exe
    > O4 - HKLM\..\Run: [9yEl] C:\documents and settings\owner\local
    > settings\temp\9yEl.exe
    > O4 - HKLM\..\Run: [Yx] C:\documents and settings\owner\local
    > settings\temp\Yx.exe
    > O4 - HKLM\..\Run: [o0zEGl] C:\documents and settings\owner\local
    > settings\temp\o0zEGl.exe
    > O4 - HKLM\..\Run: [zUkpoi5] C:\documents and settings\owner\local
    > settings\temp\zUkpoi5.exe
    > O4 - HKLM\..\Run: [xaKi7Ry] C:\documents and settings\owner\local
    > settings\temp\xaKi7Ry.exe
    > O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    > Files\Sonic\Update Manager\sgtray.exe" /r
    > O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
    > C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    > Files\QuickTime\qttask.exe" -atboottime
    > O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
    > Files\iTunes\iTunesHelper.exe"
    > O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegdz32.exe
    > O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
    > O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE
    > C:\WINDOWS\cfgmgr52.dll,DllRun
    > O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    > O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
    > E6F1873B.DLL,D9EBC318C
    > O4 - HKLM\..\Run: [dfef79cb44d3] C:\WINDOWS\system32\cards169.exe
    > O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
    > O4 - HKLM\..\Run: [uFmV3tT] hpvntfy.exe
    > O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
    > O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
    > O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program
    > Files\UWFX5LP_0001_0803NetInstaller.exe"
    > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    > Shared\ccApp.exe"
    > O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kpksps.exe reg_run
    > O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    > O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
    > O4 - HKLM\..\Run: [ssjvfwu] C:\WINDOWS\system32\jmibhw.exe r
    > O4 - HKLM\..\Run: [MSConfig]
    > C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    > O4 - HKLM\..\Run: [wmgmin] C:\WINDOWS\system32\w130713.Stub.EXE
    > O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
    > O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    > O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    > O4 - Startup: AutoTBar.exe
    > O4 - Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe
    > O4 - Startup: spamsubtract.lnk = C:\Program
    > Files\interMute\SpamSubtract\SpamSubtract.exe
    > O4 - Global Startup: dadi.exe
    > O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates
    > from HP\137903\Program\BackWeb-137903.exe
    > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > C:\WINDOWS\System32\msjava.dll
    > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    > O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    > C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    > O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    > {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
    > Files\Yahoo!\Messenger\yhexbmes0521.dll
    > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    > O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    > C:\Program Files\AIM\aim.exe
    > O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
    > C:\Program Files\Microsoft Money\System\mnyside.dll
    > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    > C:\Program Files\Messenger\msmsgs.exe
    > O9 - Extra 'Tools' menuitem: Windows Messenger -
    > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    > Files\Messenger\msmsgs.exe
    > O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    > Advantage Validation Tool) -
    > http://go.microsoft.com/fwlink/?linkid=39204
    > O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) -
    > http://www.icannnews.com/app/ST/ActiveX.ocx
    > O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) -
    > http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
    > O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    > -
    > http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096838000857
    > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    > -
    > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123255882328
    > O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller
    > Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
    > O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
    > http://www.pacimedia.com/install/pcs_0023.exe
    > O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    > http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    > O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX
    > Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    > O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} -
    > C:\Program Files\Cas\Client\casmf.dll
    > O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\aticap32.dll
    > O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    > - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    > O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
    > - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    > O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
    > Corporation - C:\Program Files\Common Files\Symantec
    > Shared\ccPwdSvc.exe
    > O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    > Corporation - C:\Program Files\Common Files\Symantec
    > Shared\ccSetMgr.exe
    > O23 - Service: ewido security suite control - ewido networks -
    > C:\Program Files\ewido\security suite\ewidoctrl.exe
    > O23 - Service: ewido security suite guard - ewido networks - C:\Program
    > Files\ewido\security suite\ewidoguard.exe
    > O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    > C:\Program Files\iPod\bin\iPodService.exe
    > O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
    > Files\Norton Internet Security\ISSVC.exe
    > O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
    > Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
    > AntiVirus\navapsvc.exe
    > O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
    > Corporation - C:\WINDOWS\System32\nvsvc32.exe
    > O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    > Internet Security\Norton AntiVirus\SAVScan.exe
    > O23 - Service: ScriptBlocking Service (SBService) - Symantec
    > Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    > O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    > Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    > O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
    > C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    > O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    > Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    >
    > I am trying to get a copy of the ewido logs and will post when I get
    > it. Please advise, thanks.
    >
    pcbutts1, Aug 27, 2005
    #11
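
The check pcbutts1 describes above (autoruns "loading from your temp files"), as an added example that is not part of the original posts: a Python sketch that rejoins the hard-wrapped, ">"-quoted O4 lines of a HijackThis log and sorts each autorun by where its file loads from. The function names and the three location labels are assumptions of this example; a "temp" or "bare" result is a prompt to inspect the file, not a verdict.

```python
from __future__ import annotations
import re
from typing import NamedTuple

# Sample input: O4/O15 lines copied from the log in this thread, kept in the
# hard-wrapped, ">"-quoted form in which they were posted.
SAMPLE_LOG = r"""
> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
> O4 - HKLM\..\Run: [2zm] C:\documents and settings\owner\local
> settings\temp\2zm.exe
> O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
> O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE
> C:\WINDOWS\cfgmgr52.dll,DllRun
> O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> Shared\ccApp.exe"
> O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe \RESET
> O4 - Startup: spamsubtract.lnk = C:\Program
> Files\interMute\SpamSubtract\SpamSubtract.exe
> O4 - Global Startup: dadi.exe
> O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
>
> I am trying to get a copy of the ewido logs
"""

QUOTE_PREFIX = re.compile(r"^\s*(?:>\s?)*")
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
O4_ENTRY = re.compile(r"^O4 - (?P<where>[^:]+): (?P<rest>.*)$")
REG_VALUE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Program image followed by optional arguments, for unquoted command lines.
IMAGE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$", re.I)


class Autorun(NamedTuple):
    where: str     # registry key or startup folder, as HijackThis names it
    name: str      # registry value name or shortcut name
    target: str    # file that gets loaded (the DLL when rundll32 is used)
    location: str  # "temp", "bare" (no path in the log) or "path"


def unwrap(log: str) -> list[str]:
    """Strip reply quoting and rejoin entries the newsreader wrapped.
    Assumes wrapping happened at a space, so pieces are joined with one."""
    entries, open_entry = [], False
    for raw in log.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif line and open_entry:
            entries[-1] += " " + line
        else:                      # blank line ends the log block
            open_entry = False
    return entries


def split_command(cmd: str) -> tuple[str, str]:
    """Return (program image, arguments) for a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        image, _, args = cmd[1:].partition('"')
        return image, args.strip()
    m = IMAGE.match(cmd)
    if m:
        return m.group(1), m.group(2) or ""
    image, _, args = cmd.partition(" ")
    return image, args.strip()


def loaded_file(cmd: str) -> str:
    image, args = split_command(cmd)
    if image.rsplit("\\", 1)[-1].lower() in ("rundll32", "rundll32.exe") and args:
        # rundll32 <dll>,<export>: the DLL is the code that actually runs.
        return args.split(",", 1)[0].strip().strip('"')
    return image


def classify(target: str) -> str:
    low = target.lower()
    if "\\temp\\" in low:
        return "temp"   # launched from a Temp directory
    if "\\" not in low:
        return "bare"   # no path in the log; must be located by hand
    return "path"


def parse_o4(log: str) -> list[Autorun]:
    found = []
    for entry in unwrap(log):
        m = O4_ENTRY.match(entry)
        if not m:
            continue
        rest = m["rest"]
        reg = REG_VALUE.match(rest)
        if reg:                       # registry Run value: [name] command
            name, cmd = reg["name"], reg["cmd"]
        elif " = " in rest:           # startup-folder shortcut: name = target
            name, cmd = rest.split(" = ", 1)
        else:                         # startup-folder file: name is the target
            name = cmd = rest
        target = loaded_file(cmd)
        found.append(Autorun(m["where"], name, target, classify(target)))
    return found


def needs_review(log: str) -> list[Autorun]:
    return [a for a in parse_o4(log) if a.location != "path"]
```
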
  12. Guest

    Here is the ewido report

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------
    + Created on: 11:14:57 AM, 8/27/2005
    + Report-Checksum: 4E755819
    + Scan result:
    HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} ->
    Spyware.NetNucleus : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} ->
    Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} ->
    Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}
    -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins ->
    Spyware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App
    Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} ->
    Spyware.NetNucleus : Cleaned with backup

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility
    -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\motoin -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
    C:\Documents and Settings\Administrator.MAIN\My Documents\Terra'z
    Folder\r3un10n.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\Documents and Settings\Administrator.MAIN\My Documents\Terra'z
    Folder\r3un10n9.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\Documents and Settings\Administrator.MAIN.000\My Documents\Terra'z
    Folder\r3un10n.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\Documents and Settings\Administrator.MAIN.000\My Documents\Terra'z
    Folder\r3un10n9.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\Documents and Settings\Default User\My Documents\Terra'z
    Folder\r3un10n.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\Documents and Settings\Default User\My Documents\Terra'z
    Folder\r3un10n9.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\Documents and Settings\Guest\My Documents\Terra'z
    Folder\r3un10n.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\Documents and Settings\Guest\My Documents\Terra'z
    Folder\r3un10n9.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Targetnet : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Targetnet : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.118:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.119:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.122:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.173:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.174:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.201:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.202:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.250:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.251:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.252:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.253:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.262:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.263:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\Owner\Local
    Settings\Temp\180sainstaller.exe/clientax.dll -> Spyware.180Solutions :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local
    Settings\Temp\180sainstallernusac.exe/clientax.dll ->
    Spyware.180Solutions : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\b.com ->
    TrojanDropper.Agent.pb : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\nst26E.EXE ->
    Spyware.SmartPops : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[10].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[11].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[12].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[1].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[3].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[4].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[5].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[6].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[7].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[8].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\2PHI1B80\AppWrap[9].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\J4KZ6V9Z\AppWrap[1].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\J4KZ6V9Z\AppWrap[2].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\J4KZ6V9Z\AppWrap[3].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\J4KZ6V9Z\AppWrap[5].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\J4KZ6V9Z\AppWrap[6].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\J4KZ6V9Z\upd206[1].exe -> Spyware.Look2Me : Cleaned
    with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\ML7HNUIO\AppWrap[1].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\ML7HNUIO\AppWrap[2].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\ML7HNUIO\AppWrap[3].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\ML7HNUIO\AppWrap[4].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\ML7HNUIO\AppWrap[5].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\ML7HNUIO\AppWrap[6].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\ML7HNUIO\AppWrap[7].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\ML7HNUIO\AppWrap[8].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\ML7HNUIO\AppWrap[9].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\PM067ZIJ\AppWrap[10].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\PM067ZIJ\AppWrap[11].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\PM067ZIJ\AppWrap[1].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\PM067ZIJ\AppWrap[2].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\PM067ZIJ\AppWrap[3].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\PM067ZIJ\AppWrap[4].exe -> Spyware.AdURL : Cleaned
    with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\PM067ZIJ\AppWrap[5].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\PM067ZIJ\AppWrap[6].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\PM067ZIJ\AppWrap[7].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\PM067ZIJ\AppWrap[9].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\Documents and Settings\Owner\My Documents\Terra'z
    Folder\r3un10n.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\Documents and Settings\Owner\My Documents\Terra'z
    Folder\r3un10n9.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch :
    Cleaned with backup
    C:\Program Files\Netscape\Netscape\plugins\npwthost.dll ->
    Spyware.WildTangent : Cleaned with backup
    C:\Program Files\Netscape\Netscape\plugins\npzango.dll ->
    Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\prelimhanse.exe -> Spyware.WebHancer : Cleaned with backup
    C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
    C:\WINDOWS\system\jfoldxugie.exe -> TrojanDownloader.Small.ayh :
    Cleaned with backup
    C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\adsnt702.exe -> Spyware.UrlSpy : Cleaned with
    backup
    C:\WINDOWS\system32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned
    with backup
    C:\WINDOWS\system32\config\systemprofile\My Documents\Terra'z
    Folder\r3un10n.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\My Documents\Terra'z
    Folder\r3un10n9.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    C:\WINDOWS\system32\e6f1873b.dll -> TrojanDownloader.Braidupdate.d :
    Cleaned with backup
    C:\WINDOWS\system32\elitebda32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitebjo32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitebof32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitecxb32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitedft32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\eliteeef32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitefjt32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitegdz32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\eliteibz32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\eliteifc32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitejjj32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitemij32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitenuk32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\eliteosm32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\eliteowv32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitepmi32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\eliteppc32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitesdk32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitetcm32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitetph32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\eliteukr32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\eliteuvo32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\eliteved32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitewrx32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\eliteyro32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitezhb32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\elitezww32.exe -> Spyware.Hijacker.Generic :
    Cleaned with backup
    C:\WINDOWS\system32\vidctrl\vidctrl.exe -> Spyware.DelphinMediaViewer
    : Cleaned with backup
    C:\WINDOWS\system32\wtta.exe -> Spyware.PurityScan : Cleaned with
    backup
    C:\WINDOWS\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with
    backup
    C:\WINDOWS\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with
    backup

    ::Report End
    , Aug 27, 2005
    #12
  13. pcbutts1 Guest

    The log looks good; it cleaned out a bunch of stuff. What version of Ad-Aware
    and Spybot are you using?

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    > Here is the ewido report
    >
    > ---------------------------------------------------------
    > ewido security suite - Scan report
    > ---------------------------------------------------------
    > + Created on: 11:14:57 AM, 8/27/2005
    > + Report-Checksum: 4E755819
    > + Scan result:
    > HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} ->
    > Spyware.NetNucleus : Cleaned with backup
    > HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} ->
    > Spyware.AproposMedia : Cleaned with backup
    > HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} ->
    > Spyware.AproposMedia : Cleaned with backup
    > HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}
    > -> Spyware.AproposMedia : Cleaned with backup
    > HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins ->
    > Spyware.WebRebates : Cleaned with backup
    > HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App
    > Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} ->
    > Spyware.NetNucleus : Cleaned with backup
    >
    > HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility
    > -> Spyware.Delfin : Cleaned with backup
    > HKLM\SOFTWARE\motoin -> Spyware.Delfin : Cleaned with backup
    > HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
    > C:\Documents and Settings\Administrator.MAIN\My Documents\Terra'z
    > Folder\r3un10n.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    > C:\Documents and Settings\Administrator.MAIN\My Documents\Terra'z
    > Folder\r3un10n9.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    > C:\Documents and Settings\Administrator.MAIN.000\My Documents\Terra'z
    > Folder\r3un10n.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    > C:\Documents and Settings\Administrator.MAIN.000\My Documents\Terra'z
    > Folder\r3un10n9.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    > C:\Documents and Settings\Default User\My Documents\Terra'z
    > Folder\r3un10n.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    > C:\Documents and Settings\Default User\My Documents\Terra'z
    > Folder\r3un10n9.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    > C:\Documents and Settings\Guest\My Documents\Terra'z
    > Folder\r3un10n.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    > C:\Documents and Settings\Guest\My Documents\Terra'z
    > Folder\r3un10n9.exe -> TrojanDownloader.Rameh.a : Cleaned with backup
    > :mozilla.7:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Valueclick : Cleaned with backup
    > :mozilla.8:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Valueclick : Cleaned with backup
    > :mozilla.9:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.12:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.28:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.29:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.30:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.31:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.32:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.33:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.34:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.35:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.36:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.37:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.40:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.41:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.42:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.43:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.44:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.45:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.46:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.47:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.48:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Advertising : Cleaned with backup
    > :mozilla.57:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Atdmt : Cleaned with backup
    > :mozilla.65:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Fastclick : Cleaned with backup
    > :mozilla.66:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Fastclick : Cleaned with backup
    > :mozilla.67:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Fastclick : Cleaned with backup
    > :mozilla.68:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Fastclick : Cleaned with backup
    > :mozilla.69:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Fastclick : Cleaned with backup
    > :mozilla.70:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Targetnet : Cleaned with backup
    > :mozilla.71:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Targetnet : Cleaned with backup
    > :mozilla.72:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Doubleclick : Cleaned with backup
    > :mozilla.73:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Tribalfusion : Cleaned with backup
    > :mozilla.74:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Pointroll : Cleaned with backup
    > :mozilla.75:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Pointroll : Cleaned with backup
    > :mozilla.76:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Pointroll : Cleaned with backup
    > :mozilla.77:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Pointroll : Cleaned with backup
    > :mozilla.79:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Trafficmp : Cleaned with backup
    > :mozilla.80:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Trafficmp : Cleaned with backup
    > :mozilla.81:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Trafficmp : Cleaned with backup
    > :mozilla.82:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Trafficmp : Cleaned with backup
    > :mozilla.83:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Trafficmp : Cleaned with backup
    > :mozilla.84:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Trafficmp : Cleaned with backup
    > :mozilla.85:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Trafficmp : Cleaned with backup
    > :mozilla.98:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Ru4 : Cleaned with backup
    > :mozilla.99:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Ru4 : Cleaned with backup
    > :mozilla.100:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Ru4 : Cleaned with backup
    > :mozilla.101:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Mediaplex : Cleaned with backup
    > :mozilla.102:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.103:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.104:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.105:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.106:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.107:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.108:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.109:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.110:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.111:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.112:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.113:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.114:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.115:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.116:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.117:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.118:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.119:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.120:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.121:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.2o7 : Cleaned with backup
    > :mozilla.122:C:\Documents and Settings\Owner\Application
    > Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    > Spyware.Cookie.Questionmarket : Cleaned with backup
    >
    > ::Report End
    >
    pcbutts1, Aug 27, 2005
    #13
  14. Guest

    Okay, I ran Hijack this, and fixed all of the items on the list (except
    for a few that were no longer there). Then I ran Crap Cleaner,
    rebooted the machine, and ran Hijackthis again. Here is the log from
    the last run of Hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:51:27 PM, on 8/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Cas\Client\casclient.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for
    hijackthis.zip\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe
    N3 - Netscape 7: user_pref("browser.startup.homepage",
    "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and
    Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",
    "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
    (C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\prefs.js)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital
    Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program
    Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
    Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
    Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
    Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKCU\..\Run: [BackupNotify] c:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [CAS Client] "C:\Program
    Files\Cas\Client\casclient.exe"
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates
    from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
    Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
    C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.cashproweb.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should
    be Internet Zone
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096838000857
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    -
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123255882328
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no
    file)
    O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dvnhpast.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks -
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program
    Files\ewido\security suite\ewidoguard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
    Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec
    Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    , Aug 28, 2005
    #14
  15. Guest

    The Ad-Aware version is SE Personal build 1.06R1. The definitions were
    updated today.
    The Spybot version is 1.3 updated on 8/13.
    , Aug 28, 2005
    #15
  16. Guest

    Ewido keeps finding something about every few minutes.
    C:\Windows\System32\kpksps.exe trojandownloader.qoologic.ac
    Any idea what this is? We keep clicking block and delete in ewido,
    but it keeps coming back.

    We are getting there though because now she can at least use her
    computer.
    , Aug 28, 2005
    #16
  17. pcbutts1 Guest

    Update spybot to version 1.4 and run it. Get it here
    http://www.pcbutts1.com/downloads/spybotsd14.exe

    Have hijackthis fix these lines
    O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
    O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dvnhpast.dll

    That trojandownloader.qoologic is a pain in a*s to get rid of. Do the fix
    above and if Ewido keeps detecting it then download this cleaner and run it.
    Set a restore point before you run this.
    http://www.pcbutts1.com/downloads/CleanUp40.exe



    <> wrote in message
    news:...
    > The Ad-Aware version is SE Personal build 1.06R1. The definitions were
    > updated today.
    > The Spybot version is 1.3 updated on 8/13.
    >
    pcbutts1, Aug 28, 2005
    #17
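
Post #17 names two HijackThis entries to fix, and the thread's routine is fix, reboot, rescan. The following is an added example, not part of the original thread: it re-joins the mail-wrapped lines of a HijackThis log and reports which fix-list entries are still present after a rescan. The BEFORE excerpt copies lines from the post #14 log, the AFTER log and its placeholder entry are constructed, and all function names are hypothetical.

```python
import re

# A HijackThis entry starts with a section code, e.g. "O4 - " or "R0 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return the log's entries with wrapped continuation lines re-joined."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif line and current is not None:
            current += " " + line        # continuation of a wrapped entry
        elif not line and current is not None:
            entries.append(current)      # a blank line ends the entry
            current = None
        # header and process-list lines before the first entry are skipped
    if current is not None:
        entries.append(current)
    return entries


def key(entry):
    """Comparison key: collapse whitespace and ignore case, since Windows
    paths and registry names are case-insensitive."""
    return re.sub(r"\s+", " ", entry).strip().casefold()


def fix_status(scan_text, fix_lines):
    """Map each fix-list line to True if the scan still contains it."""
    present = {key(e) for e in parse_entries(scan_text)}
    return {line: key(line) in present for line in fix_lines}


def persisting(rescan_text, fix_lines):
    """Fix-list lines that survived the fix and show up in the rescan."""
    status = fix_status(rescan_text, fix_lines)
    return [line for line, found in status.items() if found]


def new_entries(before_text, after_text):
    """Entries in the rescan that were absent from the earlier scan."""
    before = {key(e) for e in parse_entries(before_text)}
    return [e for e in parse_entries(after_text) if key(e) not in before]


# Excerpt of the post #14 log, wrapped the way the newsreader wrapped it.
BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [CAS Client] "C:\Program
Files\Cas\Client\casclient.exe"
O15 - Trusted Zone: http://*.windowsupdate.com
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dvnhpast.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed rescan (not from the thread): the Run entry is gone, the
# Winlogon Notify entry is back with different letter case, and one
# placeholder autostart entry has appeared.
AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [placeholder] C:\placeholder\constructed.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O15 - Trusted Zone: http://*.windowsupdate.com
O20 - Winlogon Notify: ShellScrap - c:\windows\system32\dvnhpast.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# The two lines post #17 says to fix, as written there (unwrapped).
FIX_LINES = [
    r'O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"',
    r"O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dvnhpast.dll",
]

if __name__ == "__main__":
    for line in persisting(AFTER, FIX_LINES):
        print("still present after fix:", line)
    for line in new_entries(BEFORE, AFTER):
        print("new since last scan:   ", line)
```

An entry that persists or reappears after a fix means something still running is rewriting it, which is the situation post #16 describes with the file ewido keeps re-detecting.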
  18. Guest

    Here is an update:
    The new Spybot version didn't find anything. The CleanUp40 seemed to
    finally get rid of the problem. The only problem I seem to be having
    now is constant popups (I have pop-up block on). The 4 most frequent
    sites are at the beginning of the attached word doc.

    I just ran Ad-Aware again and it found 144 new objects. How can that
    be??? The log-file for that is attached in the word doc.

    I think we are getting close...but then when the programs started
    finding all these objects again I'm not so sure...

    Here is her Ad-Aware log:
    Constant pop-ups before running Ad-Aware


    www.210.paypopup.com

    http://www.partypoker.com/index20100_np_htm_ns.htm

    http://www.searc-h.com/normal/yyy26.html

    http://www.searc-h.com/normal/yyy53.html

    http://www.searc-h.com/normal/yyy65.html


    Ad-Aware SE Build 1.06r1
    Logfile Created on:Saturday, August 27, 2005 9:06:10 PM
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R63 24.08.2005
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Adware.CasinoClient(TAC index:5):5 total references
    BargainBuddy(TAC index:8):10 total references
    ClickSpring(TAC index:6):54 total references
    Elitum.ElitebarBHO(TAC index:5):70 total references
    MRU List(TAC index:0):11 total references
    PeopleOnPage(TAC index:9):2 total references
    Possible Browser Hijack attempt(TAC index:3):1 total references
    SP2Update(TAC index:6):1 total references
    Tracking Cookie(TAC index:3):1 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    8-27-2005 9:06:10 PM - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Owner\Application
    Data\microsoft\office\recent
    Description : list of recently opened documents using
    microsoft office


    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Owner\recent
    Description : list of recently opened documents


    MRU List Object Recognized!
    Location: :
    software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft
    direct3d


    MRU List Object Recognized!
    Location: :
    software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft
    direct X


    MRU List Object Recognized!
    Location: :
    software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft
    directdraw


    MRU List Object Recognized!
    Location: :
    S-1-5-21-1993641718-1277956880-2855678871-1003\software\microsoft\internet
    explorer
    Description : last download directory used in microsoft
    internet explorer


    MRU List Object Recognized!
    Location: :
    S-1-5-21-1993641718-1277956880-2855678871-1003\software\microsoft\windows\currentversion\applets\regedit
    Description : last key accessed using the microsoft registry
    editor


    MRU List Object Recognized!
    Location: :
    S-1-5-21-1993641718-1277956880-2855678871-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened


    MRU List Object Recognized!
    Location: :
    S-1-5-21-1993641718-1277956880-2855678871-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according
    to file extension


    MRU List Object Recognized!
    Location: :
    S-1-5-21-1993641718-1277956880-2855678871-1003\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened


    MRU List Object Recognized!
    Location: :
    S-1-5-21-1993641718-1277956880-2855678871-1003\software\nvidia
    corporation\global\nview\windowmanagement
    Description : nvidia nview cached application window
    positions


    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 456
    ThreadCreationTime : 8-28-2005 1:57:48 AM
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 540
    ThreadCreationTime : 8-28-2005 1:57:53 AM
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 584
    ThreadCreationTime : 8-28-2005 1:57:53 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 596
    ThreadCreationTime : 8-28-2005 1:57:53 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 764
    ThreadCreationTime : 8-28-2005 1:57:55 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 880
    ThreadCreationTime : 8-28-2005 1:57:56 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [ccproxy.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ProcessID : 1152
    ThreadCreationTime : 8-28-2005 1:57:58 AM
    BasePriority : Normal
    FileVersion : 103.0.4.3
    ProductVersion : 103.0.4.3
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec Network Proxy Service
    InternalName : ccProxy
    LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation.
    All rights reserved.
    OriginalFilename : ccProxy.exe

    #:8 [ccsetmgr.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ProcessID : 1180
    ThreadCreationTime : 8-28-2005 1:57:58 AM
    BasePriority : Normal
    FileVersion : 103.0.5.2
    ProductVersion : 103.0.5.2
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec Settings Manager Service
    InternalName : ccSetMgr
    LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation.
    All rights reserved.
    OriginalFilename : ccSetMgr.exe

    #:9 [rundll32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1192
    ThreadCreationTime : 8-28-2005 1:57:58 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Run a DLL as an App
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : RUNDLL.EXE

    #:10 [issvc.exe]
    FilePath : C:\Program Files\Norton Internet Security\
    ProcessID : 1244
    ThreadCreationTime : 8-28-2005 1:57:58 AM
    BasePriority : Normal
    FileVersion : 8.0.5.14
    ProductVersion : 8.0
    ProductName : Norton Internet Security
    CompanyName : Symantec Corporation
    FileDescription : IS Service
    InternalName : ISSVC.exe
    LegalCopyright : Copyright (c) 2004 Symantec Corporation
    OriginalFilename : ISSVC.exe

    #:11 [sndsrvc.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ProcessID : 1256
    ThreadCreationTime : 8-28-2005 1:57:59 AM
    BasePriority : Normal
    FileVersion : 5.5.1.6
    ProductVersion : 5.5
    ProductName : Symantec Security Drivers
    CompanyName : Symantec Corporation
    FileDescription : Network Driver Service
    InternalName : SndSrvc
    LegalCopyright : Copyright 2002, 2003, 2004 Symantec
    Corporation
    OriginalFilename : SndSrvc.exe

    #:12 [ccevtmgr.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ProcessID : 1464
    ThreadCreationTime : 8-28-2005 1:58:00 AM
    BasePriority : Normal
    FileVersion : 103.0.2.10
    ProductVersion : 103.0.2.10
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec Event Manager Service
    InternalName : ccEvtMgr
    LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation.
    All rights reserved.
    OriginalFilename : ccEvtMgr.exe

    #:13 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1792
    ThreadCreationTime : 8-28-2005 1:58:02 AM
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:14 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1964
    ThreadCreationTime : 8-28-2005 1:58:04 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:15 [cisvc.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 256
    ThreadCreationTime : 8-28-2005 1:58:10 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Content Index service
    InternalName : cisvc.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : cisvc.exe

    #:16 [ewidoctrl.exe]
    FilePath : C:\Program Files\ewido\security suite\
    ProcessID : 108
    ThreadCreationTime : 8-28-2005 1:58:11 AM
    BasePriority : Normal
    FileVersion : 3, 0, 0, 1
    ProductVersion : 3, 0, 0, 1
    ProductName : ewido control
    CompanyName : ewido networks
    FileDescription : ewido control
    InternalName : ewido control
    LegalCopyright : Copyright © 2004
    OriginalFilename : ewidoctrl.exe

    #:17 [ewidoguard.exe]
    FilePath : C:\Program Files\ewido\security suite\
    ProcessID : 336
    ThreadCreationTime : 8-28-2005 1:58:11 AM
    BasePriority : Normal
    FileVersion : 3, 0, 0, 1
    ProductVersion : 3, 0, 0, 1
    ProductName : guard
    CompanyName : ewido networks
    FileDescription : guard
    InternalName : guard
    LegalCopyright : Copyright © 2004
    OriginalFilename : guard.exe

    #:18 [navapsvc.exe]
    FilePath : C:\Program Files\Norton Internet
    Security\Norton AntiVirus\
    ProcessID : 392
    ThreadCreationTime : 8-28-2005 1:58:11 AM
    BasePriority : Normal
    FileVersion : 11.0.9.16
    ProductVersion : 11.0.9
    ProductName : Norton AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    LegalCopyright : Norton AntiVirus 2005 for Windows
    98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights
    reserved.
    OriginalFilename : NAVAPSVC.EXE

    #:19 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 960
    ThreadCreationTime : 8-28-2005 1:58:16 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:20 [symlcsvc.exe]
    FilePath : C:\Program Files\Common Files\Symantec
    Shared\CCPD-LC\
    ProcessID : 1004
    ThreadCreationTime : 8-28-2005 1:58:16 AM
    BasePriority : Normal
    FileVersion : 1, 8, 54, 478
    ProductVersion : 1, 8, 54, 478
    ProductName : Symantec Core Component
    CompanyName : Symantec Corporation
    FileDescription : Symantec Core Component
    InternalName : symlcsvc
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : symlcsvc.exe

    #:21 [hpsysdrv.exe]
    FilePath : C:\windows\system\
    ProcessID : 2872
    ThreadCreationTime : 8-28-2005 1:59:10 AM
    BasePriority : Normal
    FileVersion : 1, 7, 0, 0
    ProductVersion : 1, 7, 0, 0
    ProductName : hpsysdrv
    CompanyName : Hewlett-Packard Company
    FileDescription : hpsysdrv
    InternalName : hpsysdrv
    LegalCopyright : Copyright © 1998
    OriginalFilename : hpsysdrv.exe

    #:22 [hkcmd.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2896
    ThreadCreationTime : 8-28-2005 1:59:15 AM
    BasePriority : Normal
    FileVersion : 3.0.0.3889
    ProductVersion : 7.0.0.3889
    ProductName : Intel(R) Common User Interface
    CompanyName : Intel Corporation
    FileDescription : hkcmd Module
    InternalName : HKCMD
    LegalCopyright : Copyright 1999-2002, Intel Corporation
    OriginalFilename : HKCMD.EXE

    #:23 [hpqcmon.exe]
    FilePath : C:\Program Files\Hewlett-Packard\Digital
    Imaging\Unload\
    ProcessID : 2904
    ThreadCreationTime : 8-28-2005 1:59:17 AM
    BasePriority : Normal
    FileVersion : 2.0.0.133
    ProductVersion : 2.0.0.133
    ProductName : HpqCmon Application
    FileDescription : HpqCmon MFC Application
    InternalName : HpqCmon
    LegalCopyright : Copyright (C) 2001
    OriginalFilename : HpqCmon.EXE

    #:24 [wuauclt.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2948
    ThreadCreationTime : 8-28-2005 1:59:20 AM
    BasePriority : Normal
    FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
    ProductVersion : 5.8.0.2469
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Automatic Updates
    InternalName : wuauclt.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : wuauclt.exe

    #:25 [hphmon05.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3104
    ThreadCreationTime : 8-28-2005 1:59:21 AM
    BasePriority : Normal
    FileVersion : 5,0,84
    ProductVersion : 5,0,84
    ProductName : HP Photosmart
    CompanyName : Hewlett-Packard
    FileDescription : HPHmon05
    InternalName : HPHmon05
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : HPHmon05.exe

    #:26 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ProcessID : 3124
    ThreadCreationTime : 8-28-2005 1:59:23 AM
    BasePriority : Normal
    FileVersion : 0.1.0.1622
    ProductVersion : 0.1.0.1622
    ProductName : RealOne Player (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks,
    Inc.
    OriginalFilename : realsched.exe

    #:27 [rnathchk.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ProcessID : 3172
    ThreadCreationTime : 8-28-2005 1:59:25 AM
    BasePriority : Normal
    FileVersion : 7.0.0.1176
    ProductVersion : 7.0.0.1176
    ProductName : RealOne Player (32-bit)
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks ATH Check App
    InternalName : rnathchk
    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks,
    Inc.
    OriginalFilename : rnathchk.EXE

    #:28 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3180
    ThreadCreationTime : 8-28-2005 1:59:26 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:29 [shwicon2k.exe]
    FilePath : C:\Program Files\Multimedia Card Reader\
    ProcessID : 3332
    ThreadCreationTime : 8-28-2005 1:59:39 AM
    BasePriority : Idle
    FileVersion : 1, 0, 0, 6
    ProductVersion : 1, 0, 0, 6
    ProductName : Alcor Micro Sunkist
    CompanyName : Alcor Micro, Corp.
    FileDescription : Sunkist
    InternalName : Sunkist
    LegalCopyright : Copyright c 2002 - 2004
    OriginalFilename : Sunkist.exe

    #:30 [hpztsb08.exe]
    FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
    ProcessID : 3348
    ThreadCreationTime : 8-28-2005 1:59:41 AM
    BasePriority : Normal
    FileVersion : 2,224,2,0
    ProductVersion : 2,224,2,0
    ProductName : HP DeskJet
    CompanyName : HP
    LegalCopyright : Copyright (c) Hewlett-Packard Company
    1999-2003

    #:31 [igfxtray.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3420
    ThreadCreationTime : 8-28-2005 1:59:44 AM
    BasePriority : Normal
    FileVersion : 3.0.0.3889
    ProductVersion : 7.0.0.3889
    ProductName : Intel(R) Common User Interface
    CompanyName : Intel Corporation
    FileDescription : igfxTray Module
    InternalName : IGFXTRAY
    LegalCopyright : Copyright 1999-2002, Intel Corporation
    OriginalFilename : IGFXTRAY.EXE

    #:32 [hpwuschd2.exe]
    FilePath : C:\Program Files\HP\HP Software Update\
    ProcessID : 3436
    ThreadCreationTime : 8-28-2005 1:59:47 AM
    BasePriority : Normal
    FileVersion : 3, 0, 38, 1
    ProductVersion : 3, 0, 38, 1
    ProductName : HP Software Update Application
    CompanyName : Hewlett-Packard Company
    FileDescription : hpwuSchd
    InternalName : hpwuSchd
    LegalCopyright : Copyright © 2003
    OriginalFilename : hpwuSchd.exe

    #:33 [hpcmpmgr.exe]
    FilePath : C:\Program Files\HP\hpcoretech\
    ProcessID : 3456
    ThreadCreationTime : 8-28-2005 1:59:49 AM
    BasePriority : Normal
    FileVersion : 2.1.1.0
    ProductVersion : 2.1.5
    ProductName : hp coretech (COmponent REuse TECHnology)
    CompanyName : Hewlett-Packard Company
    FileDescription : HP Framework Component Manager Service
    InternalName : HPComponentManagerService module
    LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2004
    OriginalFilename : HpCmpMgr.exe

    #:34 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ProcessID : 3516
    ThreadCreationTime : 8-28-2005 1:59:56 AM
    BasePriority : Normal
    FileVersion : 6.5.1
    ProductVersion : QuickTime 6.5.1
    ProductName : QuickTime
    CompanyName : Apple Computer, Inc.
    InternalName : QuickTime Task
    LegalCopyright : © Apple Computer, Inc. 2001-2004
    OriginalFilename : QTTask.exe

    #:35 [ituneshelper.exe]
    FilePath : C:\Program Files\iTunes\
    ProcessID : 3528
    ThreadCreationTime : 8-28-2005 1:59:59 AM
    BasePriority : Normal
    FileVersion : 4.8.0.32
    ProductVersion : 4.8.0.32
    ProductName : iTunes
    CompanyName : Apple Computer, Inc.
    FileDescription : iTunesHelper Module
    InternalName : iTunesHelper
    LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights
    Reserved.
    OriginalFilename : iTunesHelper.exe

    #:36 [ccapp.exe]
    FilePath : C:\Program Files\Common Files\Symantec Shared\
    ProcessID : 3548
    ThreadCreationTime : 8-28-2005 2:00:01 AM
    BasePriority : Normal
    FileVersion : 103.0.2.10
    ProductVersion : 103.0.2.10
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec User Session
    InternalName : ccApp
    LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation.
    All rights reserved.
    OriginalFilename : ccApp.exe

    #:37 [ipodservice.exe]
    FilePath : C:\Program Files\iPod\bin\
    ProcessID : 3644
    ThreadCreationTime : 8-28-2005 2:00:05 AM
    BasePriority : Normal
    FileVersion : 4.8.0.32
    ProductVersion : 4.8.0.32
    ProductName : iTunes
    CompanyName : Apple Computer, Inc.
    FileDescription : iPodService Module
    InternalName : iPodService
    LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights
    Reserved.
    OriginalFilename : iPodService.exe

    #:38 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE
    Personal\
    ProcessID : 3116
    ThreadCreationTime : 8-28-2005 2:04:07 AM
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    #:39 [cidaemon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2408
    ThreadCreationTime : 8-28-2005 2:05:33 AM
    BasePriority : Idle
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Indexing Service filter daemon
    InternalName : cidaemon.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : cidaemon.exe

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 11


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 11


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 11


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 11



    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    PeopleOnPage Object Recognized!
    Type : File
    Data : libexpat.dll
    TAC Rating : 9
    Category : Data Miner
    Comment :
    Object : C:\Program
    Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp\



    BargainBuddy Object Recognized!
    Type : File
    Data : A0038399.exe
    TAC Rating : 8
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP313\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 5
    ProductName : CashBack Module
    CompanyName : eXact Advertising
    FileDescription : CashBack Module
    InternalName : CashBack
    LegalCopyright : Copyright © 2003, 2004. eXact Advertising,
    LLC. All Rights Reserved.
    OriginalFilename : cashback.exe


    BargainBuddy Object Recognized!
    Type : File
    Data : A0038400.exe
    TAC Rating : 8
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP313\
    FileVersion : 1.00.0004
    ProductVersion : 1.00.0004
    ProductName : CashBack Program
    CompanyName : eXact Advertising
    InternalName : cb
    LegalCopyright : Copyright © 2003, 2004. eXact Advertising,
    LLC. All Rights Reserved.
    OriginalFilename : cb.exe


    BargainBuddy Object Recognized!
    Type : File
    Data : A0038401.exe
    TAC Rating : 8
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP313\
    FileVersion : 1.00.0006
    ProductVersion : 1.00.0006
    ProductName : CashBack Flash Notification Module
    CompanyName : eXact Advertising
    InternalName : flash
    LegalCopyright : Copyright © 2003, 2004. eXact Advertising,
    LLC. All Rights Reserved.
    OriginalFilename : flash.exe


    BargainBuddy Object Recognized!
    Type : File
    Data : A0038403.exe
    TAC Rating : 8
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP313\



    BargainBuddy Object Recognized!
    Type : File
    Data : A0038404.dll
    TAC Rating : 8
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP313\
    FileVersion : 2, 0, 0, 17
    ProductVersion : 2, 0, 0, 17
    ProductName : cbdll Module
    CompanyName : eXact Advertising
    FileDescription : cb.dll Module
    InternalName : cb.dll
    LegalCopyright : Copyright © 2003, 2004. eXact Advertising,
    LLC. All Rights Reserved.
    OriginalFilename : cb.dll


    ClickSpring Object Recognized!
    Type : File
    Data : A0039724.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP326\



    ClickSpring Object Recognized!
    Type : File
    Data : A0039746.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP326\



    ClickSpring Object Recognized!
    Type : File
    Data : A0039757.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP326\



    ClickSpring Object Recognized!
    Type : File
    Data : A0040750.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP329\



    ClickSpring Object Recognized!
    Type : File
    Data : A0040751.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP329\



    ClickSpring Object Recognized!
    Type : File
    Data : A0040822.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP331\



    ClickSpring Object Recognized!
    Type : File
    Data : A0041818.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP331\



    ClickSpring Object Recognized!
    Type : File
    Data : A0041820.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP331\



    ClickSpring Object Recognized!
    Type : File
    Data : A0042814.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP338\



    ClickSpring Object Recognized!
    Type : File
    Data : A0042815.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP338\



    ClickSpring Object Recognized!
    Type : File
    Data : A0042887.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP340\



    ClickSpring Object Recognized!
    Type : File
    Data : A0043187.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP344\



    ClickSpring Object Recognized!
    Type : File
    Data : A0043198.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP345\



    ClickSpring Object Recognized!
    Type : File
    Data : A0043199.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP345\



    ClickSpring Object Recognized!
    Type : File
    Data : A0043243.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP345\



    ClickSpring Object Recognized!
    Type : File
    Data : A0043258.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP346\



    ClickSpring Object Recognized!
    Type : File
    Data : A0043287.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP348\



    BargainBuddy Object Recognized!
    Type : File
    Data : A0045264.exe
    TAC Rating : 8
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 5
    ProductName : CashBack Module
    CompanyName : eXact Advertising
    FileDescription : CashBack Module
    InternalName : CashBack
    LegalCopyright : Copyright © 2003, 2004. eXact Advertising,
    LLC. All Rights Reserved.
    OriginalFilename : cashback.exe


    ClickSpring Object Recognized!
    Type : File
    Data : A0045270.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    ClickSpring Object Recognized!
    Type : File
    Data : A0045271.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0045275.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    BargainBuddy Object Recognized!
    Type : File
    Data : A0045306.exe
    TAC Rating : 8
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    BargainBuddy Object Recognized!
    Type : File
    Data : A0045307.dll
    TAC Rating : 8
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\
    FileVersion : 2, 0, 0, 17
    ProductVersion : 2, 0, 0, 17
    ProductName : cbdll Module
    CompanyName : eXact Advertising
    FileDescription : cb.dll Module
    InternalName : cb.dll
    LegalCopyright : Copyright © 2003, 2004. eXact Advertising,
    LLC. All Rights Reserved.
    OriginalFilename : cb.dll


    ClickSpring Object Recognized!
    Type : File
    Data : A0045316.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    ClickSpring Object Recognized!
    Type : File
    Data : A0045317.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0045321.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    ClickSpring Object Recognized!
    Type : File
    Data : A0045333.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    ClickSpring Object Recognized!
    Type : File
    Data : A0045334.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0045338.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    ClickSpring Object Recognized!
    Type : File
    Data : A0045350.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    ClickSpring Object Recognized!
    Type : File
    Data : A0045351.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0045357.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP354\



    ClickSpring Object Recognized!
    Type : File
    Data : A0046350.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP356\



    ClickSpring Object Recognized!
    Type : File
    Data : A0046351.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP356\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0046357.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP356\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0046394.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    ClickSpring Object Recognized!
    Type : File
    Data : A0046398.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    ClickSpring Object Recognized!
    Type : File
    Data : A0046490.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    ClickSpring Object Recognized!
    Type : File
    Data : A0046491.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0046496.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    ClickSpring Object Recognized!
    Type : File
    Data : A0046508.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    ClickSpring Object Recognized!
    Type : File
    Data : A0046509.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0046516.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    ClickSpring Object Recognized!
    Type : File
    Data : A0047508.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    ClickSpring Object Recognized!
    Type : File
    Data : A0047509.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0047514.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0047530.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    ClickSpring Object Recognized!
    Type : File
    Data : A0047533.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    ClickSpring Object Recognized!
    Type : File
    Data : A0047645.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    ClickSpring Object Recognized!
    Type : File
    Data : A0047646.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0047651.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    ClickSpring Object Recognized!
    Type : File
    Data : A0048647.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    ClickSpring Object Recognized!
    Type : File
    Data : A0048648.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0048653.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    ClickSpring Object Recognized!
    Type : File
    Data : A0048663.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    ClickSpring Object Recognized!
    Type : File
    Data : A0048664.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0048669.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\



    ClickSpring Object Recognized!
    Type : File
    Data : A0048760.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    ClickSpring Object Recognized!
    Type : File
    Data : A0048761.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0048766.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    ClickSpring Object Recognized!
    Type : File
    Data : A0049760.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    ClickSpring Object Recognized!
    Type : File
    Data : A0049761.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0049766.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    ClickSpring Object Recognized!
    Type : File
    Data : A0049776.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    ClickSpring Object Recognized!
    Type : File
    Data : A0049777.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0049782.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    ClickSpring Object Recognized!
    Type : File
    Data : A0049792.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    ClickSpring Object Recognized!
    Type : File
    Data : A0049793.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0049798.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0049831.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0049845.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0049860.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP360\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0049876.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP360\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0049889.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP360\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0049902.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP360\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0050903.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP360\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0050945.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP362\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0051061.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP363\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0051073.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP363\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0051101.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP363\



    ClickSpring Object Recognized!
    Type : File
    Data : A0051169.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP363\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0051240.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP365\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0052102.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0052103.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0052105.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0053102.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0053103.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0054106.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0054108.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0054113.exe
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0054125.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\



    PeopleOnPage Object Recognized!
    Type : File
    Data : A0054212.dll
    TAC Rating : 9
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP368\



    BargainBuddy Object Recognized!
    Type : File
    Data : A0054249.exe
    TAC Rating : 8
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP368\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0054262.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP368\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0058516.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0058518.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0059521.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0059522.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0059553.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0059554.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0060314.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0060315.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0060395.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0060396.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0060429.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0060430.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061010.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061013.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061049.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061050.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061211.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061212.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061226.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061228.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP370\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061271.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP372\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061272.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP372\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061297.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP372\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061300.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP372\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061327.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP372\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0061328.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP372\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0062327.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP373\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0062328.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP373\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0062341.exe
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP373\



    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0062359.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP373\



    ClickSpring Object Recognized!
    Type : File
    Data : A0081700.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP376\



    ClickSpring Object Recognized!
    Type : File
    Data : A0081734.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP376\



    SP2Update Object Recognized!
    Type : File
    Data : A0082796.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP377\
    FileVersion : 1.00
    ProductVersion : 1.00
    ProductName : sp2update
    CompanyName : ÄÂÃÌÀ
    InternalName : sp2update
    OriginalFilename : sp2update.exe


    Adware.CasinoClient Object Recognized!
    Type : File
    Data : A0082833.dll
    TAC Rating : 5
    Category : Adware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP377\
    FileVersion : 1.0.0.1
    ProductVersion : 1.0.0.1
    ProductName : TODO: <Product name>
    CompanyName : TODO: <Company name>
    FileDescription : TODO: <File description>
    InternalName : Main.dll
    LegalCopyright : TODO: (c) <Company name>. All rights
    reserved.
    OriginalFilename : Main.dll


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : [2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Value :
    C:\WINDOWS\Temp\Cookies\[2].txt

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 146


    Deep scanning and examining files (D:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for D:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 146

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    0 entries scanned.
    New critical objects:0
    Objects found so far: 146



    Possible Browser Hijack attempt Object Recognized!
    Type : File
    Data : .url
    TAC Rating : 3
    Category : Misc
    Comment : Problematic URL discovered:
    searchmiracle.com/links/?account=ventura5&domain=cb&cat=
    Object : C:\Documents and Settings\Owner\Favorites\




    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    BargainBuddy Object Recognized!
    Type : RegData
    Data : no
    TAC Rating : 8
    Category : Malware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\microsoft\internet explorer\main
    Value : Use Search Asst
    Data : no

    ClickSpring Object Recognized!
    Type : File
    Data : crash.txt
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : c:\



    ClickSpring Object Recognized!
    Type : File
    Data : RUTASK.job
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\WINDOWS\tasks\



    Elitum.ElitebarBHO Object Recognized!
    Type : Folder
    TAC Rating : 5
    Category : Data Miner
    Comment : Elitum.ElitebarBHO
    Object : C:\WINDOWS\etb

    Adware.CasinoClient Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 5
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : appid\main.dll

    Adware.CasinoClient Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 5
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : main.mimefilter

    Adware.CasinoClient Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 5
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : main.mimefilter.1

    Adware.CasinoClient Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 5
    Category : Adware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\cas

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 8
    Objects found so far: 155

    9:49:34 PM Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:43:24.125
    Objects scanned:270645
    Objects identified:144
    Objects ignored:0
    New critical objects:144
    , Aug 28, 2005
    #18
  19. pcbutts1 Guest

    OK we got it now. Thanks for that log. Sorry I did not catch it the first
    time, I do so many of these things my eyes start to play tricks on me. Turn
    off system restore, run adaware, spybot and ewido again. Reboot, turn on
    system restore and you should be good to go.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    Here is an update:
    The new Spybot version didn't find anything. The CleanUp40 seemed to
    finally get rid of the problem. The only problem I seem to be having
    now is constant popups (I have pop-up block on). The 4 most frequent
    sites are at the beginning of the attached word doc.

    I just ran Ad-Aware again and it found 144 new objects. How can that
    be??? The log-file for that is attached in the word doc.

    I think we are getting close...but then when the programs started
    finding all these objects again I'm not so sure...

    Here is her adaware log:
    Constant pop-ups before running Ad-Aware


    www.210.paypopup.com

    http://www.partypoker.com/index20100_np_htm_ns.htm

    http://www.searc-h.com/normal/yyy26.html

    http://www.searc-h.com/normal/yyy53.html

    http://www.searc-h.com/normal/yyy65.html
    pcbutts1, Aug 28, 2005
    #19
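Added example (not part of any post in this thread): a small parser for the Ad-Aware log layout shown above that separates detections held in System Restore points (`_restore{...}\RPnnn`) from live files and registry entries, which is the split behind the advice to turn System Restore off before rescanning. The function names and the shortened sample log are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample: a few entries in the layout of the Ad-Aware log posted
# in the thread, including the wrapped "Object" lines and a summary footer.
SAMPLE_LOG = r"""
    ClickSpring Object Recognized!
    Type : File
    Data : A0048647.exe
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP358\

    Elitum.ElitebarBHO Object Recognized!
    Type : File
    Data : A0048766.dll
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Object : C:\System Volume
    Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP359\

    ClickSpring Object Recognized!
    Type : File
    Data : RUTASK.job
    TAC Rating : 6
    Category : Malware
    Comment :
    Object : C:\WINDOWS\tasks\

    Adware.CasinoClient Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 5
    Category : Adware
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : main.mimefilter

    Conditional scan result:
    New critical objects: 8
"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
# Field names are followed by " :"; drive letters ("C:\...") are not,
# so wrapped path fragments never look like a new field.
FIELD = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?) :(?: (?P<value>.*))?$")
RESTORE = re.compile(r"_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)", re.I)

def parse_detections(text):
    """Return one dict per 'Object Recognized!' block, rejoining wrapped lines."""
    detections, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes the block
            current, last_key = None, None
            continue
        m = HEADER.match(line)
        if m:
            current = {"Family": m.group("family")}
            detections.append(current)
            last_key = None
            continue
        if current is None:               # banners and summaries between blocks
            continue
        m = FIELD.match(line)
        if m:
            last_key = m.group("key")
            current[last_key] = m.group("value") or ""
        elif last_key:                    # continuation of a wrapped value
            # Assumption: the mail client wrapped at a space, so rejoin with one.
            current[last_key] = (current[last_key] + " " + line).strip()
    return detections

def classify(det):
    """Bucket a detection: restore-point copy, registry item, or live object."""
    kind = det.get("Type", "")
    obj = det.get("Object", "") or det.get("Value", "")
    m = RESTORE.search(obj)
    if kind == "File" and m:
        return "restore_point", m.group(1).upper()
    if kind.lower().startswith("reg"):
        return "registry", det.get("Rootkey", "")
    return "live", obj

def triage(text):
    """Group detections by bucket and count restore-point hits per RP folder."""
    buckets = {"restore_point": [], "registry": [], "live": []}
    per_rp = Counter()
    for det in parse_detections(text):
        bucket, detail = classify(det)
        buckets[bucket].append((det["Family"], det.get("Data", ""), detail))
        if bucket == "restore_point":
            per_rp[detail] += 1
    return buckets, per_rp

if __name__ == "__main__":
    buckets, per_rp = triage(SAMPLE_LOG)
    for name, items in buckets.items():
        print(f"{name}: {len(items)}")
        for family, data, detail in items:
            print(f"  {family:22} {data:14} {detail}")
    print("per restore point:", dict(per_rp))
```

Run over a full log, the `live` and `registry` buckets are the items to confirm gone after the rescan; the `restore_point` bucket is made up of copies stored inside restore points.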
  20. Guest

    I turned system restore off and ran:

    Adware
    Spybot
    Ewido
    Hijackthis

    Here are the logs from Ewido and Hijackthis:

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------
    + Created on: 3:31:03 PM, 8/28/2005
    + Report-Checksum: 6AD6419
    + Scan result:
    [540] C:\WINDOWS\system32\dvnhpast.dll -> Spyware.Look2Me : Error
    during cleaning
    [1192] C:\WINDOWS\system32\aaledit.dll -> Spyware.Look2Me : Error
    during cleaning
    [1792] C:\WINDOWS\system32\aaledit.dll -> Spyware.Look2Me : Error
    during cleaning
    :mozilla.6:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.247realmedia : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.247realmedia : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Addynamix : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Addynamix : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\cookies.txt ->
    Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet
    Files\Content.IE5\5018LS5I\AppWrap[1].exe -> TrojanDropper.Agent.pb :
    Cleaned with backup
    C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with
    backup
    C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
    C:\WINDOWS\olsoswvau.exe -> Adware.BetterInternet : Cleaned with
    backup
    C:\WINDOWS\system32\khoogj.exe -> Trojan.Agent.gp : Cleaned with
    backup
    C:\WINDOWS\system32\MTE2ODM6ODoxNg.exe -> Spyware.ISearch : Cleaned
    with backup
    C:\WINDOWS\Temp\Cookies\[1].txt ->
    Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\WINDOWS\Temp\Cookies\[1].txt ->
    Spyware.Cookie.Addynamix : Cleaned with backup

    ::Report End
    --------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 3:32:31 PM, on 8/28/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for
    hijackthis.zip\HijackThis.exe
    N3 - Netscape 7: user_pref("browser.startup.homepage",
    "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and
    Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",
    "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
    (C:\Documents and Settings\Owner\Application
    Data\Mozilla\Profiles\default\yh6d9aei.slt\prefs.js)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital
    Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program
    Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
    Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
    Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
    Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
    Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKCU\..\Run: [BackupNotify] c:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates
    from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
    Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
    C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.cashproweb.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should
    be Internet Zone
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096838000857
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    -
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123255882328
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no
    file)
    O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\dvnhpast.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks -
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program
    Files\ewido\security suite\ewidoguard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
    Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec
    Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    I am going to reboot the system and turn the system restore back on.
    , Aug 29, 2005
    #20