Please help! [RESOLVED]

Need a geek? You've come to the right place! Geeks to Go offers free, quality technical support, in a non-technical way. Volunteers are waiting to help. Friendly, technology experts who have knowledge to share, and find reward in helping others. Feel free to browse the site as a guest. However, to reply to a topic, or start a new one, you'll need to register (also removes advertising). New here? Visit our Welcome Guide. Infected with a Virus, Spyware, or Trojan? Read our Malware and Spyware Cleaning Guide.

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Please help! [RESOLVED], Icons and taskbar have disappeared

Options

chadmysta View Member Profile	Jun 22 2006, 04:13 PM Post #1
Member Posts: 15 OS: Windows XP	For some reason each time I reboot my computer my icons and taskbar disappear. Only my desktop wallpaper shows. I can run task mangager and type in 'explorer.exe' and everything reappears. But, each time I reboot, they disappear again. I have also been having many pop-ups. Help would be much appreciated. Logfile of HijackThis v1.99.1 Scan saved at 5:13:34 PM, on 6/22/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Cox\Applications\app\Prism.exe c:\program files\cox\applications\app\CurtainsSysSvcNt.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\explorer.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\WNSXS~1\wowexec.exe C:\WINDOWS\SYSTEM32\??sks\w?nword.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\HijackThis.exe R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\faedn.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe,qulhxfv.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MTBar] C:\WINDOWS\mirar.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Ocin] "C:\PROGRA~1\WNSXS~1\wowexec.exe" -vt yazr O4 - HKCU\..\Run: [Mwork] C:\WINDOWS\SYSTEM32\??sks\w?nword.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\CHADSE~1.000\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\System32\fast.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

pomp View Member Profile	Jun 22 2006, 07:58 PM Post #2
the man Posts: 1,366 From: Jersey Shore OS: Windows XP Professional SP2	Download FindQool, extract the files and place the FindQool folder it root, usualy thats C:\ http://downloads.subratam.org/Lon/FindQool.zip It must be c:\FindQool now to work Open that folder and run Qlocate.bat, post the text that will open please..

chadmysta View Member Profile	Jun 22 2006, 08:05 PM Post #3
Member Posts: 15 OS: Windows XP	Thu 06/22/2006 Running from: C:\FindQool PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE. Known file names MD5 Check.... C:\WINDOWS\system32\unccy.dat C:\WINDOWS\system32\ppnyna.exe C:\WINDOWS\system32\faedn.exe C:\WINDOWS\system32\vxmyeih.dll C:\WINDOWS\system32\qulhxfv.exe Files found with locate com. C:\WINDOWS\SYSTEM32\QULHXFV.EXE C:\WINDOWS\SYSTEM32\VXMYEIH.DLL C:\WINDOWS\SYSTEM32\UNCCY.DAT C:\WINDOWS\SYSTEM32\PPNYNA.EXE C:\WINDOWS\SYSTEM32\FAEDN.EXE C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\PROGRAMS\STARTUP\HXYAT.EXE Re-check using dir /a:-d C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup 06/21/2006 11:44 PM 127,488 hxyat.exe ... ... Runs, Listed here as a Doublecheck for the locate com results HKLM "ohrqmx"="C:\\WINDOWS\\System32\\ppnyna.exe reg_run" HKCU "lexro"="C:\\WINDOWS\\System32\\ppnyna.exe reg_run" ... Files In Winlogon shell and userinit Listed here as a Doublecheck for the locate com results shell REG_SZ Explorer.exe, C:\WINDOWS\System32\faedn.exe userinit REG_SZ C:\WINDOWS\System32\AUserInit.exe,qulhxfv.exe ... SWReg utility Written by Bobbi Flekman � 2005 Findqool edited 17/05/2006

pomp View Member Profile	Jun 22 2006, 08:15 PM Post #4
the man Posts: 1,366 From: Jersey Shore OS: Windows XP Professional SP2	Download KillBox http://www.downloads.subratam.org/KillBox.zip. Place it in a folder on your Desktop. In the main screen of Pocket KillBox, go to Tools in the top menu bar, and select: Delete Temp Files.Use the drop down box and clear ALL profiles this way. Back at the main Killbox screen check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Click on Box/button marked All Files (Lower right) <<--VERY IMPORTANT Copy all the lines in the quote box below to your clipboard (Left Click and drag though ALL the line to highlight then then Rt. click and choose Copy) . Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes: QUOTE C:\WINDOWS\system32\ppnyna.exe C:\WINDOWS\system32\faedn.exe C:\WINDOWS\system32\vxmyeih.dll C:\WINDOWS\system32\qulhxfv.exe C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hxyat.exe If you get a PendingOperations message, ignore/close it and restart your computer manually. Restart your computer if you haven't already. When you get back...scan with hijackthis and post a new log!

chadmysta View Member Profile	Jun 22 2006, 08:28 PM Post #5
Member Posts: 15 OS: Windows XP	Logfile of HijackThis v1.99.1 Scan saved at 9:28:25 PM, on 6/22/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\program files\cox\applications\app\CurtainsSysSvcNt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Cox\Applications\app\Prism.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\explorer.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\WNSXS~1\wowexec.exe C:\WINDOWS\SYSTEM32\??sks\w?nword.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\HijackThis.exe R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\faedn.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe,qulhxfv.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MTBar] C:\WINDOWS\mirar.exe O4 - HKLM\..\Run: [ohrqmx] C:\WINDOWS\System32\ppnyna.exe reg_run O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Ocin] "C:\PROGRA~1\WNSXS~1\wowexec.exe" -vt yazr O4 - HKCU\..\Run: [Mwork] C:\WINDOWS\SYSTEM32\??sks\w?nword.exe O4 - HKCU\..\Run: [lexro] C:\WINDOWS\System32\ppnyna.exe reg_run O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\CHADSE~1.000\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\System32\fast.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

pomp View Member Profile	Jun 22 2006, 08:34 PM Post #6
the man Posts: 1,366 From: Jersey Shore OS: Windows XP Professional SP2	Please hang in there. I'm in contact with someone about qoologic, and how to fix it...It's been a pesky infection lately! I'll get back to you when I get information! Thanks.

chadmysta View Member Profile	Jun 22 2006, 08:39 PM Post #7
Member Posts: 15 OS: Windows XP	Okay, I will. Thanks for the quick reply.

pomp View Member Profile	Jun 23 2006, 08:44 AM Post #8
the man Posts: 1,366 From: Jersey Shore OS: Windows XP Professional SP2	Have hijackthis fix the following: R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\faedn.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe,qulhxfv.exe O4 - HKLM\..\Run: [ohrqmx] C:\WINDOWS\System32\ppnyna.exe reg_run O4 - HKCU\..\Run: [lexro] C:\WINDOWS\System32\ppnyna.exe reg_run O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\CHADSE~1.000\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\fast.dll Restart your computer Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop. QUOTE dir C:\WINDOWS\SYSTEM32\??sks /a h > files.txt notepad files.txt Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here along with a new HiJackThis log. This post has been edited by pomp: Jun 23 2006, 08:46 AM

chadmysta View Member Profile	Jun 23 2006, 11:54 AM Post #9
Member Posts: 15 OS: Windows XP	When I had hijackthis fix those problems I got this error message... An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: C:\WINDOWS\System32\fast.dll) Error #5 - Invalid procedure call or argument Please email me at merijn@spywareinfo.com, reporting the following: * What you were trying to fix when the error occurred, if applicable * How you can reproduce the error * A complete HijackThis scan log, if possible Windows version: Windows NT 5.01.2600 MSIE version: 6.0.2800.1106 HijackThis version: 1.99.1 This message has been copied to your clipboard. Click OK to continue the rest of the scan. But, I believe the rest of the things were fixed and when I restarted my icons and taskbar did appear. Findfile: Volume in drive C has no label. Volume Serial Number is E8C9-7352 Directory of C:\WINDOWS\SYSTEM32 06/21/2006 11:44 PM <DIR> �?sks 0 File(s) 0 bytes Directory of C:\Documents and Settings\Chad Sedbrook.CHAD.000\Desktop Logfile of HijackThis v1.99.1 Scan saved at 12:53:52 PM, on 6/23/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE c:\program files\cox\applications\app\CurtainsSysSvcNt.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\WNSXS~1\wowexec.exe C:\WINDOWS\SYSTEM32\SKS~1\WNWORD~1.EXE C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MTBar] C:\WINDOWS\mirar.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Ocin] "C:\PROGRA~1\WNSXS~1\wowexec.exe" -vt yazr O4 - HKCU\..\Run: [Mwork] C:\WINDOWS\SYSTEM32\SKS~1\WNWORD~1.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: fast.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel� Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe This post has been edited by chadmysta: Jun 23 2006, 11:56 AM

pomp View Member Profile	Jun 23 2006, 05:19 PM Post #10
the man Posts: 1,366 From: Jersey Shore OS: Windows XP Professional SP2	Hello! Ok...Please go here: C:\WINDOWS\SYSTEM32 and find a folder 'tasks' ..put your mouse over it and you should see the following: 06/21/2006 11:44 PM 0 File(s) 0 bytes Delete that folder! Have hijackthis fix the following: O4 - HKLM\..\Run: [MTBar] C:\WINDOWS\mirar.exe O20 - AppInit_DLLs: fast.dll Find and delete the following if there: C:\WINDOWS\mirar.exe C:\WINDOWS\system32\fast.dll Empty recycle bin. Jotti File Submission: Please go to Jotti's malware scan Copy and paste the following file path into the "File to upload & scan"box on the top of the page: C:\PROGRA~1\WNSXS~1\wowexec.exe Click on the submit button Please post the results in your next reply. Do the same thing for this path: C:\WINDOWS\SYSTEM32\SKS~1\WNWORD~1.EXE Please post both results for each file here! Updating Java and Clearing Cache Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel. It will say "Java Plug-in" under the icon. Please find the update button or tab in the Java Control Panel. Update your Java then reboot. If you are unable to update you can manually update by going here: http://www.java.com/en/download/manual.jsp After the reboot, go back into the Control Panel and double-click the Java Icon. Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave ALL 3 Checked Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel. Scan with hijackthis and post a new log also!!

chadmysta View Member Profile	Jun 23 2006, 07:55 PM Post #11
Member Posts: 15 OS: Windows XP	Okay� I went to C:\WINDOWS\SYSTEM32 and there was a fold named �Tasks� but it said �484 KB� when I held my mouse over it, and the folder could not be deleted. When I had HijackThis fix these problems: O4 - HKLM\..\Run: [MTBar] C:\WINDOWS\mirar.exe O20 - AppInit_DLLs: fast.dll I received this error message: An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: fast.dll) Error #5 - Invalid procedure call or argument Please email me at merijn@spywareinfo.com, reporting the following: * What you were trying to fix when the error occurred, if applicable * How you can reproduce the error * A complete HijackThis scan log, if possible Windows version: Windows NT 5.01.2600 MSIE version: 6.0.2800.1106 HijackThis version: 1.99.1 This message has been copied to your clipboard. Click OK to continue the rest of the scan. Also I located the file C:\WINDOWS\system32\fast.dll but received an error message that it could not be deleted. Scanner results for C:\PROGRA~1\WNSXS~1\wowexec.exe AntiVir Found Trojan/Dldr.PurityScan.CQ.3 ArcaVir Found Trojan.Agent.Jla Avast Found Win32:Purityscan-Q AVG Antivirus Found Downloader.Generic2.DBJ BitDefender Found nothing ClamAV Found Trojan.PurityScan.BJ Dr.Web Found Adware.ClickSpring F-Prot Antivirus Found nothing Fortinet Found W32/EV!tr.dldr Kaspersky Anti-Virus Found Trojan-Downloader.Win32.PurityScan.cq NOD32 Found nothing Norman Virus Control Found W32/Zlob.IWF UNA Found nothing VirusBuster Found nothing VBA32 Found Trojan-Downloader.Win32.PurityScan.cq Scanner results forC:\WINDOWS\SYSTEM32\SKS~1\WNWORD~1.EXE AntiVir Found Adware-Spyware/PurityScan.EN.1 adware ArcaVir Found Adware.Mediatickets Avast Found Win32:Ndrv-B AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found Trojan.PurityScan.EN Dr.Web Found Adware.ClickSpring F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VirusBuster Found nothing VBA32 Found Embedded.AdWare.Win32.PurityScan.en (probable variant) Logfile of HijackThis v1.99.1 Scan saved at 8:54:41 PM, on 6/23/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe c:\program files\cox\applications\app\CurtainsSysSvcNt.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\WNSXS~1\wowexec.exe C:\WINDOWS\SYSTEM32\SKS~1\WNWORD~1.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Ocin] "C:\PROGRA~1\WNSXS~1\wowexec.exe" -vt yazr O4 - HKCU\..\Run: [Mwork] C:\WINDOWS\SYSTEM32\SKS~1\WNWORD~1.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: fast.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel� Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe This post has been edited by chadmysta: Jun 23 2006, 07:56 PM

pomp View Member Profile	Jun 23 2006, 08:02 PM Post #12
the man Posts: 1,366 From: Jersey Shore OS: Windows XP Professional SP2	Ok, I'm wondering what fast.dll is of. Please scan that file through jotti... this is the file path: C:\WINDOWS\system32\fast.dll Have hijackthis fix the following files: O4 - HKCU\..\Run: [Ocin] "C:\PROGRA~1\WNSXS~1\wowexec.exe" -vt yazr O4 - HKCU\..\Run: [Mwork] C:\WINDOWS\SYSTEM32\SKS~1\WNWORD~1.EXE Find and delete the following files and/or folders: C:\PROGRA~1\WNSXS~1 C:\WINDOWS\SYSTEM32\SKS~1\WNWORD~1.EXE note: You won't see the "~1" in the folder title or file title. But it looks similar to what you see above. So delete it!.... Empty recycle bin. Restart your computer. Scan with hijackthis and post a new log!

chadmysta View Member Profile	Jun 23 2006, 08:25 PM Post #13
Member Posts: 15 OS: Windows XP	Scanner results AntiVir Found Adware-Spyware/PurityScan.EN.1 adware ArcaVir Found Adware.Bho.Purityscan.Jha Avast Found Win32:Ndrv AVG Antivirus Found Generic.OFX BitDefender Found nothing ClamAV Found Trojan.PurityScan.EN Dr.Web Found Adware.ClickSpring F-Prot Antivirus Found nothing Fortinet Found Adware/PurityScan Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.PurityScan.en NOD32 Found Win32/Adware.PurityScan application Norman Virus Control Found W32/PurityScan.YM UNA Found nothing VirusBuster Found nothing VBA32 Found AdWare.Win32.PurityScan.en Logfile of HijackThis v1.99.1 Scan saved at 9:22:57 PM, on 6/23/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\program files\cox\applications\app\CurtainsSysSvcNt.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AIM\aim.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\ASKS~1\spoolsv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\??sks\w?nword.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Mwork] C:\WINDOWS\SYSTEM32\SKS~1\WNWORD~1.EXE O4 - HKCU\..\Run: [Ocin] "C:\WINDOWS\ASKS~1\spoolsv.exe" -vt yazr O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: fast.dll C:\WINDOWS\System32\fast.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

pomp View Member Profile	Jun 24 2006, 09:09 AM Post #14
the man Posts: 1,366 From: Jersey Shore OS: Windows XP Professional SP2	First download ewido anti-spyware from HERE and save that file to your desktop. This is a 30 day trial of the program Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need run ewido and update the definition files. On the main screen select the icon "Update" then select the "Update now" link. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found" Close ewido anti-spyware, Do Not run a scan just yet, we will shortly. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess: Lauch ewido-anti-spyware by double-clicking the icon on your desktop. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan". ewido will now begin the scanning process, be patient this may take a little time. Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Next select the "Reports" icon at the top. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important). Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

chadmysta View Member Profile	Jun 24 2006, 02:33 PM Post #15
Member Posts: 15 OS: Windows XP	--------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 3:27:44 PM 6/24/2006 + Scan result: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0074123.dll -> Adware.Aws : Cleaned with backup (quarantined). C:\Program Files\WіnSxS\wowexec.exe -> Adware.ClickSpring : Cleaned with backup (quarantined). C:\WINDOWS\Τasks\spoolsv.exe -> Adware.ClickSpring : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011048.dll -> Adware.Comet : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011051.exe -> Adware.Look2Me : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook\Local Settings\Temp\F1E148.tmp/titno.exe -> Adware.MDH : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011040.exe -> Adware.MediaMotor : Cleaned with backup (quarantined). C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined). C:\Program Files\Cowabanga\Cowabanga.exe -> Adware.MediaTicket : Cleaned with backup (quarantined). C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined). C:\Program Files\themexp\Themexp.org File\NNEZTA388.exe -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\RECYCLER\S-1-5-21-1018304155-786744162-3852077622-1007\Dc5.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0071926.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0072983.exe -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0072985.exe -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0073000.dll -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP534\A0074396.dll -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP151\A0012398.dll -> Adware.PurityScan : Cleaned with backup (quarantined). C:\Program Files\themexp\Themexp.org File\TBEZA127Q.exe.tcf -> Adware.Quick : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0074124.exe -> Adware.Quick : Cleaned with backup (quarantined). C:\Documents and Settings\All Users.WINDOWS\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\jalmp.dll -> Adware.Suggestor : Cleaned with backup (quarantined). C:\Documents and Settings\All Users.WINDOWS\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\uninstall.exe -> Adware.Suggestor : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook\Local Settings\Temp\i14C.tmp -> Adware.SurfSide : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0074193.dll -> Adware.SurfSide : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook\Local Settings\Temp\GLB14E.tmp/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Local Settings\Temp\temp.fr8C4B\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0008835.exe -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0008837.dll -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0008838.dll -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0008841.dll -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0008848.dll -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011039.exe -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011041.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011046.exe -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011053.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011054.exe -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011055.dll -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011056.exe -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011059.exe -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011061.dll -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0011066.dll -> Adware.WebHancer : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0074125.exe -> Adware.WebRebates : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0072945.exe.tcf -> Adware.WinAD : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0074122.exe -> Adware.WinAD : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP528\A0071825.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0071887.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0071918.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0071934.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0072921.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0072977.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0073010.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0073063.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0073082.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0073113.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0073122.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0074120.exe -> Backdoor.Rbot.afu : Cleaned with backup (quarantined). C:\Documents and Settings\All Users.WINDOWS\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq23.tmp\optimize.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP147\A0007786.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP147\A0007792.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP148\A0008821.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Local Settings\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\oins.exe -> Downloader.PurityScan.cp : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP147\A0005743.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined). C:\!KillBox\( 1) -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\!KillBox\( 2) -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\!KillBox\( 3) -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\!KillBox\( 4) -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\!KillBox\( 5) -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP149\A0011156.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP149\A0011157.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP149\A0011158.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP149\A0011159.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\System Volume Information\_restore{DEDB216E-7637-4120-827E-3F47CFC38022}\RP149\A0011160.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\unccy.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0071478.exe -> Dropper.WinAD.h : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0073121.exe -> Dropper.WinAD.h : Cleaned with backup (quarantined). C:\WINDOWS\Downloaded Program Files\pre.exe -> Hijacker.VB.lb : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\a.exe -> Hijacker.VB.lb : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Local Settings\Temp\SystemDoctor2006FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined). C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined). C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Cookies\chad sedbrook@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook\Cookies\chad sedbrook@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Cookies\chad sedbrook@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Cookies\chad sedbrook@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Cookies\chad sedbrook@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Cookies\chad sedbrook@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Cookies\chad sedbrook@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined). C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook\Cookies\chad sedbrook@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Cookies\chad sedbrook@banner.newyorkcasino[2].txt -> TrackingCookie.Newyorkcasino : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Cookies\chad sedbrook@newyorkcasino[1].txt -> TrackingCookie.Newyorkcasino : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook\Cookies\chad sedbrook@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Cookies\chad sedbrook@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook\Cookies\chad sedbrook@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook\Cookies\chad sedbrook@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook\Cookies\chad sedbrook@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook.CHAD.000\Cookies\chad sedbrook@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). C:\Documents and Settings\Chad Sedbrook\Cookies\chad sedbrook@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). ::Report end

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Trojan Detected...Can't Remove, Please Help! [RESOLVED]	6 / 550	20th August 2006 - 07:57 PM lildeb started - last by Jag11
Virus, Spyware and Trojan Removal Please Help! [RESOLVED]	7 / 417	30th August 2006 - 01:01 PM Lynne25 started - last by Crustyoldbloke
Virus, Spyware and Trojan Removal please help! [RESOLVED]	6 / 297	12th September 2006 - 02:13 AM luke1 started - last by Crustyoldbloke
Virus, Spyware and Trojan Removal trojanSPM/LX WinAntiVirus pop ups - PLEASE HELP! [RESOLVED]	10 / 864	14th October 2006 - 02:30 AM jeff46 started - last by Crustyoldbloke
Virus, Spyware and Trojan Removal I got something. Please Help! [RESOLVED]	11 / 418	8th October 2006 - 06:09 PM frantinadule started - last by cfa-ddg2