Logfile of HijackThis v1.99.1
Scan saved at 1:46:09 PM, on 10/25/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\hffsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.e xe
C:\Program Files\Customizer XP\RAM_2K.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\PROGRA~1\iolo\SYSTEM~2\PopupStopper.exe
C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\Quick ShutDown\qsd.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\explorer.exe
C:\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C|/Program%20Files/Netscape/Users/gw2001/bookmark.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R3 - URLSearchHook: (no name) - - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "C:\\Program Files\\Netscape\\Users\\gw2001\\bookmark.htm"); (C:\Program Files\Netscape\Users\gw2001\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: TollFreePhone.com - {F16E9E5F-92DD-4000-8701-FBDD48F24B86} - C:\WINDOWS\System32\iebarget.dll
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAM_2K.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~2\PopupStopper.exe"
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe"
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Startup: Quick ShutDown.lnk = C:\Program Files\Quick ShutDown\qsd.exe
O4 - Startup: WinRescueXP.lnk = C:\Program Files\WinRescueXP\RescueXP.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Popup Stopper - Add to Black List - C:\Program Files\iolo\System Mechanic 5\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Stopper - Add to White List - C:\Program Files\iolo\System Mechanic 5\AddToPSWhiteList.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Zoom &In - C:\Documents and Settings\Gary\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &Out - C:\Documents and Settings\Gary\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\PC Activity Monitor Professional\Firebird\bin\fbserver.exe" -s (file missing)
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Hide Files and Folders (HideFilesAndFolders_S) - Unknown owner - C:\WINDOWS\System32\hffsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Welcome to DAL,


Make sure you can see hidden files/folders
In Windows XP
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
After you're cleaned, please "rehide" them again.


You have a program installed on your computer that is a rogue spyware remover program called Track Zapper and has hijacked your layered service provider(LSP)

These lines below are what I am talking about:



O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\trackzapper.com\tz spyware-remover\apptoport.dll

This needs to be fixed by doing the below:


Download and Unzip the LSP tool from

here:
http://www.snapfiles.com/get/lspfix.html
or here:
http://www.cexx.org/LSPFix.exe

CLOSE the internet connection and any programs that show in the taskbar, start the tool, check the box that says I know what I am doing, Check all instances of (and only those) of "apptoport.dll" move it/them to the remove window, click finish. Close the tool.

Now restart your computer, and delete---if found
c:\program files\track zapper < folder

Go get as many security updates that you can with the exception of Service Pack 2, do not install on an infected machine


Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

http://www.microsoft.com/windows/ie/default.asp

Post a new HJT log please

Neal, I did all your instructions. How does it look now? And thank you for your speedy reply to my first post. I am new to this site. Gary
Logfile of HijackThis v1.99.1
Scan saved at 7:43:38 PM, on 10/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\hffsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.e xe
C:\Program Files\Customizer XP\RAM_2K.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\PROGRA~1\iolo\SYSTEM~2\PopupStopper.exe
C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\Quick ShutDown\qsd.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\explorer.exe
C:\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C|/Program%20Files/Netscape/Users/gw2001/bookmark.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R3 - URLSearchHook: (no name) - - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "C:\\Program Files\\Netscape\\Users\\gw2001\\bookmark.htm"); (C:\Program Files\Netscape\Users\gw2001\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: TollFreePhone.com - {F16E9E5F-92DD-4000-8701-FBDD48F24B86} - C:\WINDOWS\System32\iebarget.dll
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAM_2K.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~2\PopupStopper.exe"
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe"
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Startup: Quick ShutDown.lnk = C:\Program Files\Quick ShutDown\qsd.exe
O4 - Startup: WinRescueXP.lnk = C:\Program Files\WinRescueXP\RescueXP.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Popup Stopper - Add to Black List - C:\Program Files\iolo\System Mechanic 5\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Stopper - Add to White List - C:\Program Files\iolo\System Mechanic 5\AddToPSWhiteList.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Zoom &In - C:\Documents and Settings\Gary\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &Out - C:\Documents and Settings\Gary\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130272424186
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\PC Activity Monitor Professional\Firebird\bin\fbserver.exe" -s (file missing)
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Hide Files and Folders (HideFilesAndFolders_S) - Unknown owner - C:\WINDOWS\System32\hffsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Nice job on getting rid of track zapper and getting SP1.


Your log is looking good but let's do some scans and see if we can flush anything out that is hiding in the bushes.


Get the stinger here:
http://vil.nai.com/vil/stinger/

Download it to another computer if need be, and bring it to the affected computer on floppy disk.

It will kill the top 53 virus files if any are found there

then,

Internet Explorer required
Run these two online virus scanners (Panda Activescan) following these instructions below:
http://www.pandasoftware.com/product..._principal.htm


Internet Explorer required
Also this excellent(BitDefender) scanner:http://www.bitdefender.com/scan8/ie.html


These scans will take more than an hour to complete, so make sure you have time to let them run thru. Save the Panda scan log and the BitDefender log and post them back here please with a new Hijackthis log.

Thanks.

Neal, I ran the Stinger - nothing found. Panda would not run. Ran Bitdefender and am posting the results. But the 1st time I ran it, it went most of the way thru the scan and IE shut off by itself. So I ran it again. So doesn't that mean the problem is still there?
Logfile of HijackThis v1.99.1
Scan saved at 11:50:04 AM, on 10/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\hffsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.e xe
C:\Program Files\Customizer XP\RAM_2K.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Quick ShutDown\qsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C|/Program%20Files/Netscape/Users/gw2001/bookmark.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R3 - URLSearchHook: (no name) - - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "C:\\Program Files\\Netscape\\Users\\gw2001\\bookmark.htm"); (C:\Program Files\Netscape\Users\gw2001\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: TollFreePhone.com - {F16E9E5F-92DD-4000-8701-FBDD48F24B86} - C:\WINDOWS\System32\iebarget.dll
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAM_2K.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~2\PopupStopper.exe"
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5\StartupGuard.exe"
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Startup: Quick ShutDown.lnk = C:\Program Files\Quick ShutDown\qsd.exe
O4 - Startup: WinRescueXP.lnk = C:\Program Files\WinRescueXP\RescueXP.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Popup Stopper - Add to Black List - C:\Program Files\iolo\System Mechanic 5\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Stopper - Add to White List - C:\Program Files\iolo\System Mechanic 5\AddToPSWhiteList.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Zoom &In - C:\Documents and Settings\Gary\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &Out - C:\Documents and Settings\Gary\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130272424186
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\PC Activity Monitor Professional\Firebird\bin\fbserver.exe" -s (file missing)
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Hide Files and Folders (HideFilesAndFolders_S) - Unknown owner - C:\WINDOWS\System32\hffsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



BitDefender Online Scanner







Scan report generated at: Wed, Oct 26, 2005 - 11:30:48









Scan path: C:\combst;C:\Comp;C:\Compwn;C:\DELL;C:\Documents and Settings;C:\Downloads;C:\DRIVERS;C:\Family pictures burned;C:\Family pictures new;C:\Gemslider3;C:\Gravity1;C:\hegames;C:\Hijack This;C:\Holly's songs & videos;C:\I386;C:\KA;C:\KUDOREAD;C:\mailcheck;C:\M usic;C:\My Download Files;C:\My Games;C:\My Music;C:\Program Files;C:\RRdialup;C:\Saved Zips;C:\Saved Zips 2;C:\SEGA;C:\StickIt;C:\temp;C:\tmp;C:\Toolbar;C:\ unzipped;C:\vallen;C:\Westwood;C:\WINDOWS;C:\WinZi p;C:\WOLF3D;















Statistics

Time


00:43:36

Files


146307

Folders


7084

Boot Sectors


3

Archives


3757

Packed Files


10004







Results

Identified Viruses


0

Infected Files


0

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


0







Engines Info

Virus Definitions


228822

Engine build


AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins


13

Archive plugins


39

Unpack plugins


4

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Prompt

Second Action


None

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;cl ass;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xl a;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp ;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cm d;bas;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

No virus found.

Neal, Another problem I just discovered - in Control Panel I have no User Accounts listing. Why would this be? It used to be there. Gary

Hi,

Run Ewido and post a log from that scan also please, I see you have it.

Even if it is out of date check for updates and run the scan. Thanks.

Neal, Here's the scan report. Also, in Contol Panel, there is no User Accounts setting. Why would that be? I am not sure if the browser shutting off problem is fixed or not. IE shut off while running Bitdefender last night, but no browsers have shut down today. Gary


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:41:32 PM, 10/26/2005
+ Report-Checksum: C693E639

+ Scan result:

:mozilla.17:C:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\gw2001\oykq5gq7.slt\cookies. txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\gw2001\oykq5gq7.slt\cookies. txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\gw2001\oykq5gq7.slt\cookies. txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\gw2001\oykq5gq7.slt\cookies. txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\gw2001\oykq5gq7.slt\cookies. txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\gw2001\oykq5gq7.slt\cookies. txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\gw2001\oykq5gq7.slt\cookies. txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\gw2001\oykq5gq7.slt\cookies. txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Gary\Application Data\Mozilla\Profiles\gw2001\oykq5gq7.slt\cookies. txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Gary\Cookies\gary@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Gary\Cookies\gary@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Gary\Cookies\gary@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BD88E1E7-5978-4776-828C-5CCAE5\B20B2C2A-9E18-49D7-9E66-75E684 -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\mozilla.org\Mozilla\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Netscape\Communicator\Program\Plugins\npwtho st.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom.zip/gary@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom1.zip/gary@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc.zip/gary@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast.zip/gary@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommissionJunction.zip/gary@www.commission-junction[2].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommissionJunction1.zip/gary@www.qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick.zip/gary@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick.zip/gary@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox.zip/gary@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox1.zip/gary@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex.zip/gary@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick.zip/gary@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup


::Report End

Hi,

Please post a new HJT log each time you reply unless instructed to do other wise.

Thank you.