[Greg M]

Logfile of HijackThis v1.99.1
Scan saved at 6:46:35 AM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\bdpn.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\{F82E3AF6-0960-1033-0920-020202070001}\Update.exe
C:\Program Files\Logitech\G-series Software\SDK\G15NetSpeed.exe
C:\DOCUME~1\Rage\MYDOCU~1\SEMBLY~1\MCONFI~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\TClock\TClock.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Gaim\gaim.exe
C:\Documents and Settings\Rage\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Hoos] "C:\Program Files\eaci\siba.exe" -vt yazb
O4 - HKCU\..\Run: [Zsv] C:\DOCUME~1\Rage\MYDOCU~1\SEMBLY~1\MCONFI~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Greg_startup.bat
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoc...FreeInstall.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Rage\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68D76D08-F776-468D-927B-4F04A45B2E73}: NameServer = 192.168.1.1
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

[Advertisements]

Hello Greg and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!

You have quite a mixture of malware and Trojans. Let’s see what we can do.

Look in your Control Panel’s Add/Remove Programs for PuritySCAN By OIN, OuterInfo, OIN or similar , click on it and click remove.

Reboot and delete this folder if found: C:\Program Files\PurityScan\

If it is not listed, download and run this uninstaller: outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
Ewido Anti Spyware
combofix.exe

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Right click on this link Del 015 Domains.inf and choose Save (link) As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards

Please install, and update Ewido anti-spyware

• Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  
• After the update finishes (the status bar at the bottom will display "Update successful")
  
• Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  
• Under "Reports"
• Select "Automatically generate report after every scan"
• Deselect "Only if threats were found"
• Close Ewido. Do not run it yet.

Next, please reboot your computer in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

Safe Mode

• In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  
• Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  
• Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  
• Please ensure you post that log in your reply.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll
O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Hoos] "C:\Program Files\eaci\siba.exe" -vt yazb
O4 - HKCU\..\Run: [Zsv] C:\DOCUME~1\Rage\MYDOCU~1\SEMBLY~1\MCONFI~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoc...FreeInstall.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Rage\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll
O20 - AppInit_DLLs: repairs303169590.dll

Now close all windows other than HiJackThis, then click Fix Checked.

Please now reboot into normal mode.

Please install Killbox by Option^Explicit.

• Please double-click Killbox.exe to run it.
• Select Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\bdpn.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Common Files\{F82E3AF6-0960-1033-0920-020202070001}\Update.exe
C:\DOCUME~1\Rage\MYDOCU~1\SEMBLY~1\MCONFI~1.EXE
C:\Program Files\TClock\TClock.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\WINDOWS\system32\v199.dll
C:\Program Files\SystemDoctor 2006 Free\sd2006.exe
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\eaci\siba.exe
C:\Program Files\TClock\tclock_install.exe
C:\DOCUME~1\Rage\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
C:\WINDOWS\system32\repairs303169590.dll

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Utilities uncheck Ewido Security Suite log then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 Logs in total please).

[Crustyoldbloke]

Hello Greg and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!

You have quite a mixture of malware and Trojans. Let’s see what we can do.

Look in your Control Panel’s Add/Remove Programs for PuritySCAN By OIN, OuterInfo, OIN or similar , click on it and click remove.

Reboot and delete this folder if found: C:\Program Files\PurityScan\

If it is not listed, download and run this uninstaller: outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
Ewido Anti Spyware
combofix.exe

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Right click on this link Del 015 Domains.inf and choose Save (link) As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards

Please install, and update Ewido anti-spyware

• Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  
• After the update finishes (the status bar at the bottom will display "Update successful")
  
• Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  
• Under "Reports"
• Select "Automatically generate report after every scan"
• Deselect "Only if threats were found"
• Close Ewido. Do not run it yet.

Next, please reboot your computer in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

Safe Mode

• In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  
• Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  
• Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  
• Please ensure you post that log in your reply.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll
O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Hoos] "C:\Program Files\eaci\siba.exe" -vt yazb
O4 - HKCU\..\Run: [Zsv] C:\DOCUME~1\Rage\MYDOCU~1\SEMBLY~1\MCONFI~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoc...FreeInstall.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Rage\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll
O20 - AppInit_DLLs: repairs303169590.dll

Now close all windows other than HiJackThis, then click Fix Checked.

Please now reboot into normal mode.

Please install Killbox by Option^Explicit.

• Please double-click Killbox.exe to run it.
• Select Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\bdpn.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Common Files\{F82E3AF6-0960-1033-0920-020202070001}\Update.exe
C:\DOCUME~1\Rage\MYDOCU~1\SEMBLY~1\MCONFI~1.EXE
C:\Program Files\TClock\TClock.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\WINDOWS\system32\v199.dll
C:\Program Files\SystemDoctor 2006 Free\sd2006.exe
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\eaci\siba.exe
C:\Program Files\TClock\tclock_install.exe
C:\DOCUME~1\Rage\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
C:\WINDOWS\system32\repairs303169590.dll

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Utilities uncheck Ewido Security Suite log then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 Logs in total please).

[Greg M]

Combofix log:
Start Time= Tue 07/25/2006 17:45:17.89
Running from: C:\Documents and Settings\Rage\Desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Rage\Application Data\Sskcwrd.dll
C:\Documents and Settings\Rage\Application Data\Sskdmns.dll
C:\Documents and Settings\Rage\Application Data\Sskknwrd.dll
C:\Documents and Settings\Rage\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Rage\Local Settings\Temporary Internet Files\Ssk.log
C:\WINDOWS\Prefetch\SSK.EXE-02BBBF01.pf


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



17:50:44.26
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-24 09:41:10 ( .D... ) "C:\Program Files\TClock"
2006-07-24 07:14:28 ( .D... ) "C:\Documents and Settings\Rage\Application Data\SystemDoctor 2006 Free"
2006-07-24 07:06:58 0 ( A.... ) "C:\Documents and Settings\Rage\Application Data\internaldb41.dat"
2006-07-24 07:04:32 236818 ( A.... ) "C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe"
2006-07-24 07:04:30 81920 ( A.... ) "C:\WINDOWS\system32\csrss.dll"
2006-07-24 07:04:22 129649 ( A.... ) "C:\WINDOWS\elpp100drop.exe"
2006-07-24 07:04:22 30208 ( A.... ) "C:\WINDOWS\ss1205.exe"
2006-07-24 07:04:20 32768 ( A.... ) "C:\WINDOWS\unstall.exe"
2006-07-24 07:04:20 ( .D... ) "C:\Program Files\eaci"
2006-07-24 07:04:12 359634 ( A.... ) "C:\WINDOWS\media_motor_bundle.exe"
2006-07-24 07:04:06 226536 ( A.... ) "C:\WINDOWS\whCC-GIANT.exe"
2006-07-24 07:03:50 208896 ( A.... ) "C:\WINDOWS\system32\v199.dll"
2006-07-24 07:03:50 28672 ( A.... ) "C:\WINDOWS\system32\hvzead7v.exe"
2006-07-24 07:03:48 380928 ( A.... ) "C:\WINDOWS\system32\WinNB58.dll"
2006-07-24 07:03:42 102400 ( A.... ) "C:\WINDOWS\mirar.exe"
2006-07-24 07:03:34 8491 ( A.... ) "C:\WINDOWS\thiselt.exe"
2006-07-24 06:59:30 ( .D... ) "C:\Program Files\Common Files\{F82E3AF6-0960-1033-0920-020202070001}"
2006-07-04 12:38:16 98304 ( A.... ) "C:\WINDOWS\W2BNEUnin.exe"
2006-06-21 17:38:40 235228 ( A.... ) "C:\WINDOWS\system32\icon_mediamotor.exe"
2006-06-21 17:38:16 115239 ( A.... ) "C:\WINDOWS\system32\ts_mediamotor.exe"
2006-05-31 20:09:08 ( .D... ) "C:\Program Files\SereneScreen"
2006-05-25 01:22:06 53248 ( A.... ) "C:\WINDOWS\bdoscandel.exe"
2006-05-14 19:25:48 286720 ( ..... ) "C:\WINDOWS\Setup1.exe"
2006-05-07 13:26:58 154112 ( A.... ) "C:\WINDOWS\system32\dxr.dll"
2006-05-07 13:26:38 83456 ( A.... ) "C:\WINDOWS\system32\dsmux.exe"
2006-05-07 13:24:54 99840 ( A.... ) "C:\WINDOWS\system32\mkx.dll"
2006-05-07 13:24:42 51200 ( A.... ) "C:\WINDOWS\system32\avi.dll"
2006-05-07 13:24:30 61440 ( A.... ) "C:\WINDOWS\system32\mmfinfo.dll"
2006-05-07 13:24:16 65536 ( A.... ) "C:\WINDOWS\system32\mp4.dll"
2006-05-07 13:24:04 57856 ( A.... ) "C:\WINDOWS\system32\ogm.dll"
2006-05-07 13:23:46 45568 ( A.... ) "C:\WINDOWS\system32\mkzlib.dll"
2006-05-07 13:23:42 23552 ( A.... ) "C:\WINDOWS\system32\mkunicode.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-24 21:53 1,072,549,888 C:\hiberfil.sys
2006-07-24 07:04 89,088 C:\WINDOWS\system32\atl71.dll
2006-07-24 07:04 81,920 C:\WINDOWS\system32\csrss.dll
2006-07-24 07:04 499,712 C:\WINDOWS\system32\msvcp71.dll
2006-07-24 07:04 30,208 C:\WINDOWS\ss1205.exe
2006-07-24 07:04 129,649 C:\WINDOWS\elpp100drop.exe
2006-07-24 07:04 1,060,864 C:\WINDOWS\system32\mfc71.dll
2006-07-24 07:03 8,491 C:\WINDOWS\thiselt.exe
2006-07-24 07:03 380,928 C:\WINDOWS\system32\WinNB58.dll
2006-07-24 07:03 359,634 C:\WINDOWS\media_motor_bundle.exe
2006-07-24 07:03 32,768 C:\WINDOWS\unstall.exe
2006-07-24 07:03 28,672 C:\WINDOWS\system32\hvzead7v.exe
2006-07-24 07:03 226,536 C:\WINDOWS\whCC-GIANT.exe
2006-07-24 07:03 208,896 C:\WINDOWS\system32\v199.dll
2006-07-24 07:03 102,400 C:\WINDOWS\mirar.exe
2006-07-04 12:38 98,304 C:\WINDOWS\W2BNEUnin.exe
2006-06-21 17:38 235,228 C:\WINDOWS\system32\icon_mediamotor.exe
2006-06-21 17:38 115,239 C:\WINDOWS\system32\ts_mediamotor.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMONTRAY"="C:\\Program Files\\Intel\\Intel® Active Monitor\\imontray.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
@=""
"Launch LGDCore"="\"C:\\Program Files\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Launch LCDMon"="\"C:\\Program Files\\Logitech\\G-series Software\\LCDMon.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SystemDoctor 2006 Free"="C:\\Program Files\\SystemDoctor 2006 Free\\sd2006.exe -scan"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"dj8BT0wp"="\"C:\\WINDOWS\\system32\\hvzead7v.exe\" -Yli9"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{F82E3AF6-0960-1033-0920-020202070001}"="\"C:\\Program Files\\Common Files\\{F82E3AF6-0960-1033-0920-020202070001}\\Update.exe\" mc-110-12-0000103"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,96,00,00,00,00,00,00,00,6a,04,00,00,c4,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Color Calibration.lnk"
"backup"="C:\\WINDOWS\\pss\\Color Calibration.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SEC\\MAGICT~1.6_C\\GAMMAT~1.EXE "
"item"="Color Calibration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune3.6.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MagicTune3.6.lnk"
"backup"="C:\\WINDOWS\\pss\\MagicTune3.6.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SEC\\MAGICT~1.6_C\\MAGICT~2.EXE "
"item"="MagicTune3.6"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pinnacle Scheduler.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Pinnacle Scheduler.lnk"
"backup"="C:\\WINDOWS\\pss\\Pinnacle Scheduler.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\SHARED~1\\Programs\\SCHEDU~1\\PCLESC~1.EXE "
"item"="Pinnacle Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LiveUpdate"
"hkey"="HKLM"
"command"="C:\\Program Files\\Otsego\\LiveUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hpi_Monitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033 -noicon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADGJDet"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="evntsvc"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPPALDR"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\TPPALDR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

Contents of the 'Scheduled Tasks' folder
Completion time: Tue 07/25/2006 17:50:55.25
ComboFix ver 06.07.15 - This logfile is located at C:\ComboFix.txt


Ewido Report:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:10:42 PM 7/25/2006

+ Scan result:



G:\Backup\My Documents\ZangoMessenger.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
G:\Backup\Programs\ZangoMessenger.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nseF5.dll -> Adware.Ezula : Cleaned with backup (quarantined).
C:\QUARANTINE\mmxsnet.exe.Vir -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\QUARANTINE\mmxsnet[1].exe.Vir -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\mirar.exe -> Adware.NetNucleus : Cleaned with backup (quarantined).
C:\WINDOWS\system32\csrss.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDoctor 2006 Free -> Adware.SystemDoctor2006 : Cleaned with backup (quarantined).
C:\WINDOWS\webhdll.dll_tobedeleted -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Error during cleaning.
C:\WINDOWS\Downloaded Program Files\3138302D2D2D.exe -> Downloader.Adload.ai : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\3138302D2D2D.exe -> Downloader.Adload.ai : Cleaned with backup (quarantined).
C:\WINDOWS\ss1205.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
E:\Greg\Hacker\hacker\SC-KeyLog2.exe -> Logger.SCKeyLog.20 : Cleaned with backup (quarantined).
E:\Programs\Prank_progz\pranks\fakefmt.zip/fakefmt.exe -> Not-A-Virus.BadJoke.Win32.FakeFormat.105 : Error during cleaning.
E:\Programs\AIM_files\AIM Files.rar/AIM Files\Other Aim Progs\Buddy Kill 2.4\BuddyKill.zip/Buddy Kill/BuddyKill.exe -> Not-A-Virus.DoS.Win32.BKill.b : Error during cleaning.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
E:\Greg\Hacker\old_stuff_11_7_03\aenima.zip/testserv.exe -> Not-A-Virus.EmailFlooder.Win32.Aenima.20 : Error during cleaning.
E:\Greg\Hacker\hacker\Utilities\X-Scan-v2.3-en.zip/dat/cgi.lst -> Not-A-Virus.Exploit.IIS.WebDir : Error during cleaning.
E:\Programs\AIM_files\AIM Files.rar/AIM Files\Other Aim Progs\Aim Amp\AimAmp.zip/AimAmp/aimamp.exe -> Not-A-Virus.Flooder.Win32.VB.aq : Error during cleaning.
E:\Programs\AIM_files\tools\AimAmp.zip/AimAmp/aimamp.exe -> Not-A-Virus.Flooder.Win32.VB.aq : Error during cleaning.
E:\Programs\AIM_files\AIM Files.rar/AIM Files\Other Aim Progs\Chat Spam\chatspam.zip/chatspam/chatspam.exe -> Not-A-Virus.Flooder.Win32.VB.au : Error during cleaning.
E:\Greg\Hacker\hacker\Utilities\X-Scan-v2.3-en.zip/Xscan.exe -> Not-A-Virus.HackTool.Win32.XScan.23 : Error during cleaning.
E:\Greg\Hacker\hacker\Utilities\X-Scan-v2.3-en.zip/xscan_gui.exe -> Not-A-Virus.HackTool.Win32.XScan.23 : Error during cleaning.
E:\Greg\Hacker\hacker\X-Scan\Xscan.exe -> Not-A-Virus.HackTool.Win32.XScan.23 : Cleaned with backup (quarantined).
E:\Greg\Hacker\hacker\X-Scan\xscan_gui.exe -> Not-A-Virus.HackTool.Win32.XScan.23 : Cleaned with backup (quarantined).
E:\Programs\AIM_files\AIM Files.rar/AIM Files\Other Aim Progs\Evil Intentions 2\EvilIntentions2.zip/aimocx.ocx -> Not-A-Virus.IMFlooder.Win32.QuietStorm : Error during cleaning.
E:\Programs\AIM_files\tools\EvilIntentions2.zip/aimocx.ocx -> Not-A-Virus.IMFlooder.Win32.QuietStorm : Error during cleaning.
E:\Greg\Hacker\old_stuff_11_7_03\watchkeystrokes.zip/Vprotkkd._vx -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Error during cleaning.
E:\Greg\Hacker\old_stuff_11_7_03\watchkeystrokes.zip/slman._ex -> Not-A-Virus.Monitor.Win32.KeyKey.121 : Error during cleaning.
E:\Greg\Hacker\old_stuff_11_7_03\watchkeystrokes.zip/Vkeykeyd._vx -> Not-A-Virus.Monitor.Win32.KeyKey.122 : Error during cleaning.
E:\Greg\Hacker\old_stuff_11_7_03\watchkeystrokes.zip/kkmon._ex -> Not-A-Virus.Monitor.Win32.KeyKey.122 : Error during cleaning.
E:\Greg\Hacker\old_stuff_11_7_03\wgatescan-22.zip/wGateScan-2_2.exe -> Not-A-Virus.NetTool.Win32.WinGateScan.22 : Error during cleaning.
E:\Programs\VNC\vncviewer\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Rage\Application Data\Mozilla\Profiles\default\of2h70wj.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Rage\Application Data\Mozilla\Profiles\default\of2h70wj.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Rage\Application Data\Mozilla\Firefox\Profiles\9zazwsaa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Rage\Cookies\rage@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
E:\Greg\Text\websites\Dark Edge.zip/Dark Edge/CGI-Bin/NEW CGI SCRIPTS/gallery_maker_pro_1.5.zip/patch.exe -> Trojan.Proxcrak.A : Error during cleaning.
E:\Greg\Text\websites\Darkweb.zip/Darkweb/CGI-Bin/NEW CGI SCRIPTS/gallery_maker_pro_1.5.zip/patch.exe -> Trojan.Proxcrak.A : Error during cleaning.
::Report end




Hijack this log (after running thru everything):
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\SDK\G15NetSpeed.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Rage\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Greg_startup.bat
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{68D76D08-F776-468D-927B-4F04A45B2E73}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe


Thanks for the help!!! :thumbsup:

[Greg M]

Does it look good?

[Crustyoldbloke]

Hello again

Please go to START > RUN > type in msconfig > hit ENTER > STARTUP > check ENABLE ALL > APPLY > OK > REBOOT

Please resubmit a fresh HJT log from normal mode. Please ensure that all of the log is posted including the header.

How's the PC running now?

[Greg M]

Logfile of HijackThis v1.99.1
Scan saved at 7:36:11 PM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\G-series Software\SDK\G15NetSpeed.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Rage\Desktop\PC Repair\HijackThis.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\Otsego\LiveUpdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Greg_startup.bat
O4 - Global Startup: MagicTune3.6.lnk = ?
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{68D76D08-F776-468D-927B-4F04A45B2E73}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe


The PC seems to be running better though IE is a little slow.

[Greg M]

any ideas?

[Crustyoldbloke]

Hello again Greg

Your HJT log looks good.

MSIE has always been slow, I use Firefox instead. It is much safer and quicker. http://www.mozilla.com/firefox/

Updating Java and Clearing Cache

• Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
• It will say "Java Plug-in" under the icon.
  Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
• If you are unable to update you can manually update by going here:
  • http://www.java.com/en/download/manual.jsp
• After the reboot, go back into the Control Panel and double-click the Java Icon.
• Under Temporary Internet Files, click the Delete Files button.
• There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
  Downloaded Applications
  Other Files
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Java Control Panel.

I don't need to see any logs, just confirm that all is OK and I'll give you the final instructions for cleaning restore points etc.

[Greg M]

Okay, done.

[Crustyoldbloke]

Congratulations! your new log is clean. Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
I recommend going to the following link and update as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer. Microsoft Update

MVPS Hosts file This replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

SiteAdvisor download this plug-in for your browser and it will alert you of a known bad site for FREE.

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
WINDOWS DEFENDER - With daily updates and scans, this programme offers good security against malware.
AD-AWARE PERSONAL – A fine free malware detector and removal programme
SPYBOT S&D – Excellent free spyware detector and removal programme
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall).

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programme for “on demand” scanning, having two or more antivirus systems is not recommended as they may well cause conflicts and slowness.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated.

It just remains for me to wish you happy safe surfing; I hope you found my advice helpful.

[Greg M]

I still have sporadic Internet connection problems, but just w/ web browsers (IE & FireFox). They work fine for a while then just stop working (Page Cannot be Displayed/Timeout), then start-up again. I really haven’t discovered any rhyme or reason. Any ideas?

Thanks for all the other help!

[Crustyoldbloke]

Hello again Greg

Could be a cache problem or a VM problem.

The pagefile.sys file is used by the virtual memory. It should be roughly 1.5 times your RAM memory.

You can set the size of the paging file in XP, if you wish. Go to Start > (Settings) > Control Panel > System > Advanced Tab > Performance Settings > Advanced Tab > Virtual Memory settings. Try cancelling it all together, rebooting and then resetting.

In MSIE go to TOOLS > INTERNET OPTIONS > GENERAL > SETTINGS > and make the amount of diskspace read 1024 MB or higher.

In FF go to TOOLS > OPTIONS > PRIVACY > CACHE > make it read 1024 MB > SETTINGS > try the settings in the screen shot.




If it is still not right, I would be inclined to post a topic in the Internet and Browsers forum.

[Crustyoldbloke]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.