Help! Winfixer 2005 Has taken over [CLOSED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Help! Winfixer 2005 Has taken over [CLOSED], Removing Winfixer 2005

Options

rleptrone View Member Profile	Jan 20 2006, 05:05 PM Post #1
New Member Posts: 8 OS: Windows XP	I seem to have the same problem as a lot of people. I too have a Winfixer 2005 Problem. Here is my Highjackthis log. Can you help me? Logfile of HijackThis v1.99.1 Scan saved at 6:01:33 PM, on 1/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\ViRobotXP\vrmonnt.exe C:\Program Files\ViRobotXP\Vrres.exe C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe C:\WINDOWS\system32\??erinit.exe C:\Program Files\Advanced Searchbar\jammer.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe C:\Program Files\mhbs\obcs.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Palm\HOTSYNC.EXE C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\ViRobotXP\vrmonsvc.exe C:\WINDOWS\system32\hpoipm07.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Highjackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomepage.capitan-trash.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {5C5FCF6A-2BF6-5D22-A19F-0CD5F92CE2CC} - C:\WINDOWS\system32\rxlkcu.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Implements Jammer - {09F0F280-FB9A-481B-B69A-CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll O2 - BHO: (no name) - {2B5417BC-F92A-D6FB-2D87-DDF8F89ACFC2} - C:\WINDOWS\system32\buwb.dll (file missing) O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll O2 - BHO: (no name) - {5C5FCF6A-2BF6-5D22-A19F-0CD5F92CE2CC} - C:\WINDOWS\system32\rxlkcu.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll O2 - BHO: (no name) - {6BAB6458-C167-25E3-8720-6D5578AE2E4A} - (no file) O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe" O4 - HKCU\..\Run: [Mbwwflq] C:\WINDOWS\system32\??erinit.exe O4 - HKCU\..\Run: [PopupJammer] C:\Program Files\Advanced Searchbar\jammer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0 O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" O4 - HKCU\..\Run: [Ucoe] "C:\Program Files\mhbs\obcs.exe" -vt mt O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\addtolist.js O8 - Extra context menu item: Delete from White List - C:\Program Files\Advanced Searchbar\delfromlist.js O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} (WebBar Class) - http://www.advancedsearchbar.com/searchbarsetup2.exe O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

Crustyoldbloke View Member Profile	Jan 20 2006, 06:33 PM Post #2
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello rleptrone and welcome to Geeks to Go As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible. Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC�s (family PC�s) present a different problem; please tell me if your PC has more than one individual�s setting, but continue with the fix. Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! You have quite a mixture of malware and Trojans that need to be eradicated. Let�s see what we can do with the first sweep. You do not appear to have any antivirus programme running on your PC; we must correct that immediately. Download: AVG ANTIVIRUS FREE EDITION Install AVG, update its virus definitions and perform a full system scan before proceeding any further. A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it. 1. Please download LSP Fix 2. Run the LSPFix.exe that you have just finished downloading. 3. Check the I know what I'm doing box. 4. In the Keep box you should see one or more instances of farlsp.dll 5. Select every instance of farlsp.dll and move each one to the Remove box by clicking the >> button. 6. When you are done click Finish, do not use the X in the top right-hand corner as nothing will happen! Please download the following programmes and save them to your Desktop. Killbox by Option^Explicit CCleaner Ewido Security Suite Install Ewido Security Suite. Install Ewido security suite When installing, under "Additional Options" uncheck.. Install background guard Install scan via context menu You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. (the status bar at the bottom will display "Update successful") If you are having problems with the updater, you can use this link to manually update Ewido. Ewido manual updates Do NOT run a scan yet. Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Select the first option, to run Windows in Safe Mode. For additional help in booting into Safe Mode, see the following site: Safe Mode Launch Ewido, there should be an icon on your desktop, double-click it. The programme will now open to the main screen. When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. Once the updates are installed do the following: Click on scanner Click on Complete System Scan and the scan will begin. You will be prompted to clean the first infection. Select "Perform action on all infections", then proceed. Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report. Save the report .txt file to your desktop and include it in your reply. Now close Ewido security suite. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomepage.capitan-trash.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {5C5FCF6A-2BF6-5D22-A19F-0CD5F92CE2CC} - C:\WINDOWS\system32\rxlkcu.dll O2 - BHO: Implements Jammer - {09F0F280-FB9A-481B-B69A-CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL O2 - BHO: (no name) - {2B5417BC-F92A-D6FB-2D87-DDF8F89ACFC2} - C:\WINDOWS\system32\buwb.dll (file missing) O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll O2 - BHO: (no name) - {5C5FCF6A-2BF6-5D22-A19F-0CD5F92CE2CC} - C:\WINDOWS\system32\rxlkcu.dll O2 - BHO: (no name) - {6BAB6458-C167-25E3-8720-6D5578AE2E4A} - (no file) O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe" O4 - HKCU\..\Run: [Mbwwflq] C:\WINDOWS\system32\??erinit.exe O4 - HKCU\..\Run: [Ucoe] "C:\Program Files\mhbs\obcs.exe" -vt mt O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\addtolist.js O8 - Extra context menu item: Delete from White List - C:\Program Files\Advanced Searchbar\delfromlist.js O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab O16 - DPF: {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} (WebBar Class) - http://www.advancedsearchbar.com/searchbarsetup2.exe O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab Now close all windows other than HiJackThis, then click Fix Checked. Please install Killbox by Option^Explicit. Please double-click Killbox.exe to run it. Select Delete on Reboot then Click on the All Files button. Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\system32\??erinit.exe C:\Program Files\mhbs\obcs.exe C:\WINDOWS\system32\rxlkcu.dll C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL C:\WINDOWS\System32\replaceSearch.dll C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe Return to Killbox, go to the File menu, and choose Paste from Clipboard. Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!). If your computer does not restart automatically, please restart it manually. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again. There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Utilities uncheck Ewido Security Suite log, then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues � fix selected issues Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop. QUOTE dir C:\WINDOWS\system32\??erinit.exe /a h > files.txt notepad files.txt Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here along with a new HiJackThis log. Post back a fresh HijackThis log (from normal mode) and I will take another look.(don�t forget the Ewido log and the findfile log)

rleptrone View Member Profile	Jan 20 2006, 08:05 PM Post #3
New Member Posts: 8 OS: Windows XP	Thanks for your help with tis. I do have multiple users for this PC. Each one of my family members is set-up as a user. I don't think their settings are different from mine. Also I use the antivirus and firewall provided by The Shield Pro 2006. I don't knowwhy you couldn't see it. They were both on. I did a virus scanwith my program. Ididn't findanything. I downloaded the program you suggested. It is scanning at the moment. I'll let you know what it finds and will continue with the fix. THanks, Ralph

rleptrone View Member Profile	Jan 20 2006, 10:57 PM Post #4
New Member Posts: 8 OS: Windows XP	Hallelujah! I didn't see Winfixer pop-up during the reboot. Thanks a million! Here are the file logs you requested. Logfile of HijackThis v1.99.1 Scan saved at 11:52:46 PM, on 1/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\ViRobotXP\vrmonnt.exe C:\Program Files\ViRobotXP\Vrres.exe C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Advanced Searchbar\jammer.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Palm\HOTSYNC.EXE C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\system32\hpoipm07.exe C:\WINDOWS\System32\alg.exe C:\Program Files\ViRobotXP\vrmonsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\notepad.exe C:\Highjackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll O2 - BHO: (no name) - {6BAB6458-C167-25E3-8720-6D5578AE2E4A} - (no file) O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [PopupJammer] C:\Program Files\Advanced Searchbar\jammer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0 O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\addtolist.js O8 - Extra context menu item: Delete from White List - C:\Program Files\Advanced Searchbar\delfromlist.js O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popc...aploader_v5.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe findfile log Volume in drive C has no label. Volume Serial Number is 2908-1D08 Directory of C:\WINDOWS\system32 12/19/2005 12:53 PM 405,504 ??erinit.exe 08/04/2004 03:56 AM 24,576 userinit.exe 2 File(s) 430,080 bytes Directory of C:\Documents and Settings\Ralph Leptrone\Desktop --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 11:02:21 PM, 1/20/2006 + Report-Checksum: 3F320B5D + Scan result: HKLM\SOFTWARE\Classes\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603} -> Adware.WinFixer : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{09F0F280-FB9A-481B-B69A-CB00DC44D027} -> Spyware.AdvancedSearchbar : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.AdvancedSearchbar : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{832BEBED-C3DA-4534-A2C2-B2FFF220C820} -> Spyware.Hijacker.Generic : Cleaned with backup HKLM\SOFTWARE\Classes\drs.n -> Adware.Searchforit : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{20F13844-04BC-4987-9964-2502F0DA54D3} -> Spyware.PurityScan : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{3E43040C-73C1-4898-A4F8-E2C9428B1167} -> Spyware.PurityScan : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA} -> Adware.WinFixer : Cleaned with backup HKLM\SOFTWARE\Classes\ReplaceSearch.ReplaceSearchCtl -> Adware.Searchforit : Cleaned with backup HKLM\SOFTWARE\Classes\ReplaceSearch.ReplaceSearchCtl\CLSID -> Adware.Searchforit : Cleaned with backup HKLM\SOFTWARE\Classes\ReplaceSearch.ReplaceSearchCtl\CurVer -> Adware.Searchforit : Cleaned with backup HKLM\SOFTWARE\Classes\ReplaceSearch.ReplaceSearchCtl.1 -> Adware.Searchforit : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B} -> Adware.WinFixer : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{EE6F3F6A-AD8E-48DA-9B1D-D5204B2D227D} -> Spyware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.AdvancedSearchbar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09F0F280-FB9A-481B-B69A-CB00DC44D027} -> Spyware.AdvancedSearchbar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.AdvancedSearchbar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{832BEBED-C3DA-4534-A2C2-B2FFF220C820} -> Spyware.Hijacker.Generic : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Spyware.PurityScan : Cleaned with backup HKLM\SOFTWARE\WinSoftware -> Adware.WinFixer : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\DR_S -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\DR_S\dp -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\DR_S\dp\adsh -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\DR_S\dp\ezu -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\DR_S\dp\sfisb -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\DR_S\dp\sfitb -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\DR_S\dp\wu -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F0F280-FB9A-481B-B69A-CB00DC44D027} -> Spyware.AdvancedSearchbar : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.AdvancedSearchbar : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{832BEBED-C3DA-4534-A2C2-B2FFF220C820} -> Spyware.Hijacker.Generic : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\searchforit -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\searchforit\searchforit -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\searchforit\searchforit\Historyfiles -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\searchforit\searchforit\Historys1 -> Adware.Searchforit : Cleaned with backup HKU\S-1-5-21-73586283-1580436667-839522115-1003\Software\WinSoftware -> Adware.WinFixer : Cleaned with backup C:\WINDOWS\system32\oins.exe -> Spyware.MediaTickets : Cleaned with backup C:\WINDOWS\system32\replaceSearch.dll -> Spyware.ReSearch : Cleaned with backup C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Cleaned with backup C:\WINDOWS\Downloaded Program Files\AktiveSekurity.ocx -> Not-A-Virus.VirTool.Collector : Cleaned with backup C:\WINDOWS\Downloaded Program Files\desktop-celebrita.exe -> Heuristic.Win32.Dialer : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0803NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5LP_0001_0803NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe -> Not-A-Virus.Downloader.Agent.e : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UWFX5_0001_MNINetInstaller.exe -> Adware.Virtumonde : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UERSNetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Local Settings\Temp\Cookies\ralph leptrone@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Local Settings\Temporary Internet Files\Content.IE5\0RAFUHIP\mm[1].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Local Settings\Temporary Internet Files\Content.IE5\O9WHMV41\!update-2995[1].0000 -> Adware.MediaTickets : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Cookies\ralph leptrone@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Cookies\ralph leptrone@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Cookies\ralph leptrone@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Cookies\ralph leptrone@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Cookies\ralph leptrone@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Cookies\ralph leptrone@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Cookies\ralph leptrone@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Cookies\ralph leptrone@sales.liveperson[4].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\ralph leptrone@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\ralph leptrone@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\ralph leptrone@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\ralph leptrone@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\ralph leptrone@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup C:\Documents and Settings\Ralph Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\ralph leptrone@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@e-2dj6wfkiwhcjcgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@e-2dj6wjk4olcpaco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@e-2dj6wjl4oldpgho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@e-2dj6wjloeidzwdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@e-2dj6wjkyohajodo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@e-2dj6wjnygmazskp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@servedby.advertising[3].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@z1.adserver[3].txt -> Spyware.Cookie.Adserver : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@advertising[3].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Local Settings\Temp\Cookies\debbi leptrone@e-2dj6wjlikkdpsfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkycpd5ocpq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloknajkgoasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyolazkkqaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkokkc5gfow2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@a-1shz2prbmdj6wvny-1sez2pra2dj6wjlokld5kdoa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wfliehcpgcpgidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyukdzakqaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4kjczwbpaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1gcpgkogsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoemazobqaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@2o7[4].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@www.burstbeacon[3].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@2o7[5].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkyehdzmko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfk4amczedp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkyukdzakq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjlicpczafo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjlyagc5oco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjl4wgd5slp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjny-1kdjok.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkoqiazkkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfkoaldpakp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@serving-sys[3].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@bs.serving-sys[4].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjk4gjc5ebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjmywidzwlo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyuhdzocqaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloaidjiloaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@ads39.hyperbanner[1].txt -> Spyware.Cookie.Hyperbanner : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyamdziboaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloopazacogidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1odjwaog6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@ads39.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyondzsapgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkysgdjihoaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@ads.x10[1].txt -> Spyware.Cookie.X10 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliwpc5cdogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4ohc5wfow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkycpajcdowidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmikkc5kaoqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4uidpshpgwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfk4qocjocq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjlowgazaao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkoojcjwlq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkyuoajcgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfkiandzibp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjlismajwep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@2o7[3].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@bs.serving-sys[3].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfmiwid5kbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfmichczalp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfmiwldpelo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjnyajdzgfq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@casalemedia[3].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfkoeodpoep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfkisldjihp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjliujcjobo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjliqgcjgdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@questionmarket[3].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjmioid5map.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfk4oldpmco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjny-1kd5ce.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjk4kjd5cho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@casalemedia[4].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjmyendjglo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfk4skczceq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjnyepdjsep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjk4chdzgdp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjnyohdjmlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjnywhcpkbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjl4uhd5wdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkoglazokp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjnysicpakp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjmycjajkbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjnysoazoco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@edge.ru4[3].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkoslcpcko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjny-1nd5ee.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkyqpc5khp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjny-1jczsb.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkooncjmhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjnyopczmgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjlianczodo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfkisgdzgco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkyulajibo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfkikgajelp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wgkywjdzcep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@ads.pointroll[3].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@questionmarket[4].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@ads.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjlisoczwfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@buildabear.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@edge.ru4[4].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wfkiumdjeco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@ehg-pizzahut.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@serving-sys[5].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@rccl.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjkyghajicp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@e-2dj6wjlocjdjkgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Cookies\debbi leptrone@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyuhdzocqaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloaidjiloaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@ads39.hyperbanner[1].txt -> Spyware.Cookie.Hyperbanner : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyamdziboaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloopazacogidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1odjwaog6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@ads39.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyondzsapgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkysgdjihoaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@ads.x10[1].txt -> Spyware.Cookie.X10 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliwpc5cdogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4ohc5wfow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkycpajcdowidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmikkc5kaoqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Debbi Leptrone\Application Data\Earthlink\6.0\rleptrone@earthlink.net\Cookies\debbi leptrone@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4uidpshpgwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Maggie Leptrone\Cookies\maggie leptrone@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Maggie Leptrone\Cookies\maggie leptrone@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Maggie Leptrone\Cookies\maggie leptrone@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Maggie Leptrone\Cookies\maggie leptrone@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Maggie Leptrone\Cookies\maggie leptrone@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Maggie Leptrone\Cookies\maggie leptrone@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Maggie Leptrone\Cookies\maggie leptrone@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Maggie Leptrone\Cookies\maggie leptrone@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Maggie Leptrone\Cookies\maggie leptrone@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Maggie Leptrone\Cookies\maggie leptrone@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL -> Downloader.FunWeb.a : Cleaned with backup C:\System Volume Information\_restore{EE19DFBE-1131-43CC-BA83-21B18EE7E325}\RP596\A0082454.dll -> Spyware.PurityScan : Cleaned with backup C:\System Volume Information\_restore{EE19DFBE-1131-43CC-BA83-21B18EE7E325}\RP596\A0082455.exe -> Spyware.MediaTickets : Cleaned with backup C:\System Volume Information\_restore{EE19DFBE-1131-43CC-BA83-21B18EE7E325}\RP599\A0082492.dll -> Adware.PurityScan : Cleaned with backup C:\System Volume Information\_restore{EE19DFBE-1131-43CC-BA83-21B18EE7E325}\RP617\A0085690.dll -> Adware.Winfixer : Cleaned with backup C:\System Volume Information\_restore{EE19DFBE-1131-43CC-BA83-21B18EE7E325}\RP625\A0087103.exe -> Adware.MediaTickets : Cleaned with backup C:\System Volume Information\_restore{EE19DFBE-1131-43CC-BA83-21B18EE7E325}\RP634\A0089107.dll -> Adware.PurityScan : Cleaned with backup C:\My Documents\Data\incredifind.exe -> Downloader.Keenval.e : Cleaned with backup C:\My Documents\Data\Data\incredifind.exe -> Downloader.Keenval.e : Cleaned with backup ::Report End

Crustyoldbloke View Member Profile	Jan 21 2006, 10:33 AM Post #5
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello again Ralph Please uninstall AVG. When I looked at the original log I saw antispyware and firewall, but must have skipped the virobot file - call it a senior moment. The Ewido log looks good as does the Findfile log, but it would appear that Notepad had wordwrap enabled and produced that scattered HJT log that I see. It will take me 30 minutes to read it properly, which I am not going to do since I work on about 30 HJT logs at a time. Please submit a fresh HJT log for that profile from normal mode. Due to the PC having many different logons, I will need to see HJT logs from all users when I am happy that this profile is clean.

rleptrone View Member Profile	Jan 24 2006, 04:59 PM Post #6
New Member Posts: 8 OS: Windows XP	Hey sorry it has taken me so long to get back to you. It getscrazy around my house. However, Ifinished doingeverything that you had instructed me to do. I did not get the WInFoxer 2005 installer prompt when I rebooted. So, I think ou solved that problem. Attached is a current HJT log for your review. Thanks a Million! Logfile of HijackThis v1.99.1 Scan saved at 5:56:38 PM, on 1/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\ViRobotXP\vrmonnt.exe C:\Program Files\ViRobotXP\Vrres.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRAM FILES\ADVANCED SEARCHBAR\JAMMER.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Palm\HOTSYNC.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\ViRobotXP\vrmonsvc.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\system32\hpoipm07.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\ViRobotXP\vrmonnt.exe C:\Program Files\ViRobotXP\Vrres.exe C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Advanced Searchbar\jammer.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Palm\HOTSYNC.EXE C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Highjackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll O2 - BHO: (no name) - {6BAB6458-C167-25E3-8720-6D5578AE2E4A} - (no file) O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [PopupJammer] C:\Program Files\Advanced Searchbar\jammer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0 O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\addtolist.js O8 - Extra context menu item: Delete from White List - C:\Program Files\Advanced Searchbar\delfromlist.js O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popc...aploader_v5.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

Crustyoldbloke View Member Profile	Jan 24 2006, 06:26 PM Post #7
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello again Ralph That HJT log looks rather good with a couple of exceptions. We just need to tidy up a little. Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following: R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: (no name) - {6BAB6458-C167-25E3-8720-6D5578AE2E4A} - (no file) Click on Fix Checked when finished and exit HijackThis. Post back a fresh HijackThis log, from normal mode, and I will take another look.

rleptrone View Member Profile	Jan 27 2006, 03:58 PM Post #8
New Member Posts: 8 OS: Windows XP	Thanks a lot for this. Atached is a fresh HJT log. Logfile of HijackThis v1.99.1 Scan saved at 4:57:03 PM, on 1/27/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ViRobotXP\vrmonnt.exe C:\Program Files\ViRobotXP\Vrres.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MediaGateway\MediaGateway.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Advanced Searchbar\jammer.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\ViRobotXP\vrmonsvc.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Palm\HOTSYNC.EXE C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\system32\hpoipm07.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ViRobotXP\vrmonnt.exe C:\Program Files\ViRobotXP\Vrres.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MediaGateway\MediaGateway.exe C:\PROGRAM FILES\ADVANCED SEARCHBAR\JAMMER.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Palm\HOTSYNC.EXE C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe C:\Highjackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe O4 - HKCU\..\Run: [PopupJammer] C:\Program Files\Advanced Searchbar\jammer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0 O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\addtolist.js O8 - Extra context menu item: Delete from White List - C:\Program Files\Advanced Searchbar\delfromlist.js O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popc...aploader_v5.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

Crustyoldbloke View Member Profile	Jan 27 2006, 04:10 PM Post #9
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello again Ralph You've picked up a fresh infection, 180 Solutions. Have a look in the ADD and REMOVE programmes in the Control Panel to see if it is there. Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following: O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe Click on Fix Checked when finished and exit HijackThis. Reboot normally Post back a fresh HijackThis log, from normal mode, and I will take another look.

Crustyoldbloke View Member Profile	Feb 6 2006, 03:43 AM Post #10
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Please help! I think A virus has taken over my computer	3 / 391	11th March 2006 - 12:38 AM qtbecky started - last by don77
Virus, Spyware and Trojan Removal Browser taken over :( [CLOSED]	8 / 553	29th September 2006 - 02:23 AM Chrisl911 started - last by Crustyoldbloke
Virus, Spyware and Trojan Removal DESPERATELY NEED HELP! WHATABOUTADOG.COM has taken over my compute	0 / 383	29th October 2007 - 09:41 PM VBEL started - last by VBEL
Virus, Spyware and Trojan Removal Help Worm.win32.skynet has taken over my PC [RESOLVED] 12	27 / 2,384	31st January 2008 - 12:04 PM FrankyPyro started - last by Rorschach112