Hijack This Log- Please Help!(RESOLVED)
-
Hello, I came home today to find my computer acting very slow. I found out that my brother has been on it, and when I run Ad-Aware I get a return of over 100 entries. Here is my HJT log. All help is greatly appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 4:46:43 PM, on 5/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvfnnv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\userinit.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\efvrn.exe
C:\WINDOWS\system32\efvrn.exe
C:\WINDOWS\system32\efvrn.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\alex\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\VentriloMIX\Ventrilo 2.3.0.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\efvrn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pbduxbb.exe
O2 - BHO: (no name) - {033B2052-EEEF-9D67-EC2B-ECABCE45B2CB} - C:\WINDOWS\system32\wpq.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146078616\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [sys10-396048788] C:\WINDOWS\sys10-396048788.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [nnjent] C:\WINDOWS\system32\nvfnnv.exe reg_run
O4 - HKLM\..\Run: [w001b437.dll] RUNDLL32.EXE w001b437.dll,I2 000d2b7a0001b437
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [jkpgo] C:\WINDOWS\system32\nvfnnv.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: gdqot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169584.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWxleA\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe
-
Welcome to DAL,
Your brother has been a bad boy alright, highly infected.
I suggest you remove NewDotNet; it has hijacked your internet access. It is extremely dubious and commercially sponsored.
First, please, go to Start > Settings > Control Panel > Add/Remove Programs and remove New.Net or NewDotNet if listed. If not listed, follow these instructions:
* From a computer that has Internet access, click on the following link:
http://www.new.net/support/uninstall6_76.exe.
* Download and save uninstall6_76.exe to Local Disc C
* Click on Start.
* Click on Run.
* In the Open window type, C:\uninstall6_76.exe
* Click on the OK button.
* After removal, you may be prompted to reboot/restart.
* Please Reboot/Restart if not prompted.
Please download Brute Force Uninstaller to your desktop. (Right-click on this link and choose Save As; if using IE, Save Target As.)
- Right-click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:)" or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
- Download qoofix.bat (right-click on this link and choose Save As; if using IE, Save Target As)
- Place qoofix.bat in your C:\BFU folder. (Important!)
- Double-click qoofix.bat. Close all browsers and explorer folders.
- Choose option 1 (Qoolfix autofix) and follow the prompts.
- Please be patient, it will take about five minutes.
- After the PC has restarted please post another hijackthis log.
-
Thanks for taking the case Neal 
Here is my most recent HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 3:29:01 PM, on 5/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\AOL\1146078616\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Xfire\Xfire.exe
c:\program files\common files\aol\1146078616\ee\aim6.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\alex\Desktop\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: (no name) - {033B2052-EEEF-9D67-EC2B-ECABCE45B2CB} - C:\WINDOWS\system32\wpq.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146078616\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [w001b437.dll] RUNDLL32.EXE w001b437.dll,I2 000d2b7a0001b437
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169584.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
-
Hi,
Next step...
To UNINSTALL Surf Sidekick 3
Go Start>>Run>>copy/paste the following into the box:
"C:\Program Files\SurfSidekick 3\Ssk.exe" /u
Note: (Quotation marks are required)
Press OK
REBOOT your system
I am not seeing an anti-virus program running on your computer. All I see is Ewido, and it is a great tool, but you need an anti-virus program running all the time.
Go to the link below and get AVG or Avast (BOTH ARE FREE), please, or you will never be clean, constantly getting infected.
http://www.d-a-l.com/help/showthread.php?t=32403
May as well get spybot and adaware while at that link and run the scans.
Then post a new HijackThis log as there is more to do. Thanks.
-
Thanks for the tips, I ended up getting AVG. Here is my HJT log after I rebooted after removing Surfside
Logfile of HijackThis v1.99.1
Scan saved at 10:01:21 PM, on 5/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\AOL\1146078616\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Xfire\Xfire.exe
c:\program files\common files\aol\1146078616\ee\aim6.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\VentriloMIX\VentriloMIX.exe
C:\Program Files\VentriloMIX\Ventrilo 2.3.0.exe
C:\Documents and Settings\alex\Desktop\HijackThis.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: (no name) - {033B2052-EEEF-9D67-EC2B-ECABCE45B2CB} - C:\WINDOWS\system32\wpq.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146078616\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [w001b437.dll] RUNDLL32.EXE w001b437.dll,I2 000d2b7a0001b437
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
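Added example, not part of the original posts and not HijackThis's own code: a Python script that diffs two HijackThis scans the way a helper compares successive logs by eye, using lines excerpted from the 3:29 PM and 10:01 PM logs above. The function names, the result categories, and the rule that the text after the last " - " is the file target are assumptions of this example.

```python
import re

# A HijackThis result line is "<section> - <detail>", as in the logs above.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
MISSING_MARKS = ("(file missing)", "(no file)")

# Lines excerpted from the 5/12/2006 3:29:01 PM log in this thread.
SCAN_BEFORE = r"""
Running processes:
C:\WINDOWS\cfg32.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs303169584.dll
"""

# Lines excerpted from the 5/12/2006 10:01:21 PM log in this thread.
SCAN_AFTER = r"""
Running processes:
C:\WINDOWS\cfg32.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""


def split_missing(text):
    """Strip a trailing '(file missing)' / '(no file)' marker; report if present."""
    for mark in MISSING_MARKS:
        if text.endswith(mark):
            return text[: -len(mark)].rstrip(), True
    return text, False


def parse_entries(log_text):
    """Map (section, identity) -> True when the entry's target file is missing.

    Assumption of this example: the text after the last " - " in the detail is
    the file target, and everything before it identifies the entry. Details
    without " - " (such as O4 Run values) are used whole as the identity.
    """
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path, or blank line
        section, detail = m.group(1), m.group(2).strip()
        ident, sep, target = detail.rpartition(" - ")
        if sep:
            _, missing = split_missing(target)
        else:
            ident, missing = split_missing(detail)
        entries[(section, ident)] = missing
    return entries


def diff_scans(before_text, after_text):
    """Classify every entry seen in either scan.

    removed    - present before, gone now (the cleanup step worked)
    added      - new since the last scan (needs a look: tool or reinfection?)
    orphaned   - registry entry remains but its file is now missing
    persisting - unchanged, so still to be judged or fixed
    """
    before, after = parse_entries(before_text), parse_entries(after_text)
    result = {"removed": [], "added": [], "orphaned": [], "persisting": []}
    for key in sorted(before.keys() | after.keys()):
        if key not in after:
            result["removed"].append(key)
        elif key not in before:
            result["added"].append(key)
        elif after[key] and not before[key]:
            result["orphaned"].append(key)
        else:
            result["persisting"].append(key)
    return result


if __name__ == "__main__":
    for category, keys in diff_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(category.upper())
        for section, ident in keys:
            print(f"  {section} - {ident}")
```

An entry whose identity is unchanged but whose target path changed is reported as persisting, so a replaced file still needs a manual check.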
-
Excellent job you've done,
I see you have Ewido, what I need for you to do is scan with Ewido from safe mode explained below. Save the scan report and post it back here for me to see please.
Safe Mode:
Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter. Now run Ewido and post the log it makes please.
Reboot into normal mode after the Ewido scan.
Also...
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply. Thanks.
Last edited by Neal; 13-05-2006 at 03:52 AM.
-
Hey, here are both of my lists. First, the Ewido scan list:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 2:12:27 PM, 5/13/2006
+ Report-Checksum: C210CD1A
+ Scan result:
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned with backup
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : Cleaned with backup
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : Cleaned with backup
HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-3057704224-2564294346-1321446302-1006\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-3057704224-2564294346-1321446302-1006\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
:mozilla.12:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.15:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.16:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.17:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.37:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.39:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.40:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.41:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.42:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.45:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.47:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.51:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.54:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.57:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.59:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.60:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.61:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.63:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.65:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.72:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.79:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.80:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.81:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.82:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.84:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.85:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.86:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.87:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.88:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.89:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.90:C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\0j4vyedm.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\alex\Desktop\uninstall6_76.exe -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\04Q9STUJ\newname19[1].exe -> Downloader.VB.aci : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N0YK3SWI\drsmartload[1].exe -> Downloader.Adload.ap : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N0YK3SWI\keyboard19[1].exe -> Downloader.VB.ys : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O759JSR1\defender19a[1].exe -> Hijacker.VB.nh : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OTRGQ9DN\!update-3820[1].0000 -> Downloader.PurityScan.cl : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\RECYCLER\S-1-5-21-3057704224-2564294346-1321446302-1006\Dc11.exe -> Downloader.VB.aci : Cleaned with backup
C:\RECYCLER\S-1-5-21-3057704224-2564294346-1321446302-1006\Dc12\SnowballWars.exe -> Dropper.VB.mz : Cleaned with backup
C:\RECYCLER\S-1-5-21-3057704224-2564294346-1321446302-1006\Dc3.pif -> Backdoor.SdBot.aad : Cleaned with backup
C:\RECYCLER\S-1-5-21-3057704224-2564294346-1321446302-1006\Dc5.exe -> Hijacker.VB.nh : Cleaned with backup
C:\RECYCLER\S-1-5-21-3057704224-2564294346-1321446302-1006\Dc6.exe -> Downloader.VB.ys : Cleaned with backup
C:\RECYCLER\S-1-5-21-3057704224-2564294346-1321446302-1006\Dc7.EXE -> Adware.NewDotNet : Cleaned with backup
C:\RECYCLER\S-1-5-21-3057704224-2564294346-1321446302-1006\Dc9.exe -> Downloader.Adload.ap : Cleaned with backup
C:\WINDOWS\Fοnts\cmd.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
::Report End
Now, here is my HJT Uninstall Manager list:
BitLord 1.1
Call of Duty(R) 2
EVGA Display Driver
ewido anti-malware
HijackThis 1.99.1
iTunes
J2SE Runtime Environment 5.0 Update 3
Macromedia Flash Player 8
MapleStory
Microsoft Office Professional Edition 2003
mIRC
Mozilla Firefox (1.5.0.3)
MSN
MSN Messenger 7.5
MSN Toolbar
QuickTime
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
VentriloMIX
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Xfire (remove only)
Thanks again for all of your help!
-
Hi,
Uninstall these two via Add/Remove Programs:
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Reboot and give me a new hijackthis log please.
How is the computer behaving now?
-
Here is my HJT log as requested:
Logfile of HijackThis v1.99.1
Scan saved at 11:41:42 PM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\AOL\1146078616\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\cfg32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Xfire\Xfire.exe
c:\program files\common files\aol\1146078616\ee\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\alex\Desktop\HijackThis.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\iPod\bin\iPodService.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: (no name) - {033B2052-EEEF-9D67-EC2B-ECABCE45B2CB} - C:\WINDOWS\system32\wpq.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146078616\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [w001b437.dll] RUNDLL32.EXE w001b437.dll,I2 000d2b7a0001b437
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
Oh, and my computer is working GREAT now, Thanks A Lot!
No popups or anything!
Last edited by ahiggins; 14-05-2006 at 04:44 AM.
Reason: Left out a part
-

Great news, little more to do yet.
Don't run CCleaner yet; we will from safe mode below, thanks.
To clean your temp folder, recycle bin, etc., please download this free tool:
CCleaner
Don't install any toolbars or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.
Click on CCleaner to start it. Then click "Run Cleaner"; just use the Windows tab up front by default.
Then Reboot (Exit)
Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.
Run hijackthis and click on scan button and put checks next to these:
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: (no name) - {033B2052-EEEF-9D67-EC2B-ECABCE45B2CB} - C:\WINDOWS\system32\wpq.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [w001b437.dll] RUNDLL32.EXE w001b437.dll,I2 000d2b7a0001b437
Make sure nothing is open but hijackthis and click fix checked.
Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):
DELETE FILES:
C:\WINDOWS\cfg32s.dll
C:\WINDOWS\cfg32.exe
w001b437.dll
Now run CCleaner using the Windows tab only, up front by default.
Reboot into normal mode and post a new hijackthis log please.
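
An added example, not part of the original posts: a small Python triage pass over HijackThis entry lines like the ones in this thread. The flag names and rules are illustrative assumptions, not HijackThis features; they mark entries for a person to review and are not verdicts.

```python
import re

# One HijackThis entry: section code (R3, O4, O23, ...) then the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autorun: HKLM\..\Run: [value name] command line
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# rundll32 followed by the DLL it is asked to load
RUNDLL = re.compile(r'^"?rundll32(\.exe)?"?\s+(?P<dll>[^,\s]+)', re.I)

# Constructed sample: entry lines copied from the logs in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [w001b437.dll] RUNDLL32.EXE w001b437.dll,I2 000d2b7a0001b437
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O2 - BHO: (no name) - {033B2052-EEEF-9D67-EC2B-ECABCE45B2CB} - C:\WINDOWS\system32\wpq.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Userinit Logon Verification (UsrInitVerif) - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
"""

def parse(line):
    """Split a log line into (section code, body); None for non-entry lines."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def flags_for(code, body):
    """Assumed review heuristics; each flag is a lead, not a verdict."""
    flags = []
    if body.endswith(("(file missing)", "(no file)")):
        flags.append("orphaned")            # registry entry outlived its file
    if code in ("R3", "O2") and "(no name)" in body:
        flags.append("unnamed")             # browser hook with no display name
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")       # service binary with no vendor info
    if code == "O4":
        run = RUN.match(body)
        dll = RUNDLL.match(run.group("cmd")) if run else None
        if dll and "\\" not in dll.group("dll"):
            flags.append("rundll32-bare-dll")  # DLL resolved via search path
    return flags

def triage(text):
    """Return [(section code, [flags])] for every entry line in a log."""
    entries = (parse(line) for line in text.splitlines())
    return [(code, flags_for(code, body)) for code, body in filter(None, entries)]

if __name__ == "__main__":
    for code, flags in triage(SAMPLE):
        print(code, flags)
```

The NvMediaCenter entry trips the same rundll32 rule as w001b437.dll, yet only the latter is on the fix list above, which is why flags like these still need a reviewer's judgment.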