explorer.exe hogs CPU [RESOLVED]


  • This topic is locked

#1
DMR5713

    New Member

  • Member
  • 9 posts
Environment: I have Windows XP Professional with all critical and driver updates on a Dell Dimension 4550, 512 Mb RAM, 80 Gb hard drive. My Internet connection is through Verizon DSL, and I run Norton Internet Security (including NAV) with automatic downloading of updates.

Recently, explorer.exe has been hogging nearly all of the CPU time, making anything else run extremely slowly or sometimes not at all. Task Manager shows explorer.exe continually getting over 95% -- often 99% -- of the CPU regardless of what else is running. I can help things a little by lowering the priority of explorer.exe in Task Manager, but even then it gets nearly all the CPU time and slows the system down to a crawl.

Neither Lavasoft Ad-Aware nor Spybot Search & Destroy found anything notable -- lots of tracking cookies, all of which I removed. CWShredder found nothing (but I didn't suspect that CWS would be there.) The Trend Micro online analysis found a few more, and also found Trojan Vundo and removed it, but the problem persisted after shutting down and restarting.

Two other possibly relevant facts: (1) When I first boot up the system and log in, the problem often does not occur. But if I log off and someone else logs in (we have the system configured for multiple users -- I'm the only one with full administrative rights), that person will have the problem, and if they log off and I log in again, I will also have the problem. (2) Explorer.exe will not run in Safe Mode, although it will run in Safe Mode with Networking. If I boot into Safe Mode (without networking), the dialog box that asks if you want to run Safe Mode pops up for about a second and then disappears, leaving a blank screen (except for the Safe Mode headers and footers). The only way to run anything is to start up Task Manager (with Ctrl-Alt-Del) and then run things from there.

Here's the HijackThis log, from my user while the problem was occurring:

Logfile of HijackThis v1.99.1
Scan saved at 7:54:54 AM, on 9/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\AOL\1124237502\ee\AOLHostManager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Common Files\AOL\1124237502\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1124237502\ee\AOLServiceHost.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.n...=6.1&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\msvcsvc.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124237502\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121513300578
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: msvcsvc - C:\WINDOWS\Fonts\msvcsvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

You still have a Vundo infection. Trend Micro can't remove it. If you still need help with this problem please post a new hijackthis log.
  • 0
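
Added example (not part of the original thread, and not HijackThis's own logic): a triage pass over the HijackThis log from the first post that groups autostart entries by file and flags a DLL that sits in a data-only directory or is registered as a Winlogon Notify package and under another section as well. The two rules and the directory list are illustrative assumptions; the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# Lines copied verbatim from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\msvcsvc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: msvcsvc - C:\WINDOWS\Fonts\msvcsvc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Matches "O<n> - <kind>: <description> - <drive>:\<path>".
# O4/O8/O16 and the R-lines use other layouts and are skipped by this example.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*) - ([A-Za-z]:\\.+)$")

# Assumption for this example: directories that should hold data, not loadable code.
DATA_ONLY_DIR_SUFFIXES = (r"\windows\fonts",)

Finding = namedtuple("Finding", "path sections reasons")


def parse_entries(log_text):
    """Yield (section, kind, description, normalised_path) for lines naming a file."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            section, kind, desc, path = match.groups()
            # normcase lower-cases the path so C:\WINDOWS and c:\windows compare equal.
            yield section, kind.strip(), desc, ntpath.normcase(path.strip())


def triage(log_text):
    """Group entries by file and return the files that trip a heuristic."""
    sections_by_path = defaultdict(set)
    for section, _kind, _desc, path in parse_entries(log_text):
        sections_by_path[path].add(section)

    findings = []
    for path, sections in sorted(sections_by_path.items()):
        reasons = []
        if ntpath.dirname(path).endswith(DATA_ONLY_DIR_SUFFIXES):
            reasons.append("loadable module stored in a data-only directory")
        if "O20" in sections and len(sections) > 1:
            reasons.append("Winlogon Notify DLL also registered under another section")
        if reasons:
            ordered = sorted(sections, key=lambda s: int(s[1:]))
            findings.append(Finding(path, ordered, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.path, finding.sections)
        for reason in finding.reasons:
            print("   -", reason)
```

NavShExt.dll appears under both O2 and O3 but is not flagged, because the second rule only fires when one of the registrations is a Winlogon Notify entry.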

#3
DMR5713

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thanks & sorry to have taken so long to continue this. It seems like it may be Virtumonde, not Vundo, but whichever it is, it is stubborn. I tried running Symantec's FixVundo and FxVMonde (in that order, as Symantec recommends) and neither one of them found anything. But when I forced Norton AV to scan the file C:\Windows\Fonts\msvcsvc.dll (which seems like the culprit, or part of the culprit), NAV reported that the file is an instance of VirtuMonde.

I then tried Ewido, which keeps popping up reporting that same file and claiming to clean it. When I ran a full Ewido scan, it again found the same file (along with a bunch of tracking cookies that it got rid of, plus some stuff from WildTangent that I will probably restore because my son has one of their games on the machine and he'll be upset if it doesn't work :tazz: ), but it has not successfully removed it.

Here are the Ewido log and (after that) the HijackThis log. Note that Ewido generated two files, one of which is the log file below and the other of which is a file called logfile.txt that has the line

RegQueryValueEx failed, Value: 00000002

repeated many times.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:26:02 PM, 9/27/2005
+ Report-Checksum: 10E1AFD3

+ Scan result:

:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\DMRosenblum\lqyh9kh2.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\DMRosenblum\lqyh9kh2.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\DMRosenblum\lqyh9kh2.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\DMRosenblum\lqyh9kh2.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\DMRosenblum\lqyh9kh2.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\All Users\Documents\APTIVA\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
C:\Documents and Settings\All Users\Documents\APTIVA\WINDOWS\Temporary Internet Files\Content.IE5\2EJ8WVNH\[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\All Users\Documents\APTIVA\WINDOWS\Temporary Internet Files\Content.IE5\8DMVKTMV\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\All Users\Documents\APTIVA\WINDOWS\Temporary Internet Files\Content.IE5\YEK6WCAN\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\Danesh Pettersson\Cookies\danesh pettersson@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Danesh Pettersson\Cookies\danesh [email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Daniel Rosenblum\Application Data\Mozilla\Profiles\DMRosenblum\rm1s72qk.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Daniel Rosenblum\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Documents and Settings\Gita Pettersson\Local Settings\Temporary Internet Files\Content.IE5\Z13VJ6WD\empty[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Netscape\Communicator\Program\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\Fonts\msvcsvc.dll -> Spyware.Virtumonde : Cleaned with backup
C:\WINDOWS\SYSTEM32\geebc.dll -> TrojanDownloader.ConHook.k : Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End

And now, here's the HijackThis log, which I ran right after running the Ewido scan above:

Logfile of HijackThis v1.99.1
Scan saved at 9:28:12 PM, on 9/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\1124237502\ee\AOLHostManager.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\AOL\1124237502\ee\AOLServiceHost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\AOL\1124237502\ee\AOLServiceHost.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.n...=6.1&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.
  • 0

#4
DMR5713

    New Member

  • Topic Starter
  • Member
  • 9 posts
Sorry, it looks like my latest posting was too long and got truncated. I am at work now (the troublesome computer is at home), so I will post the rest of the HijackThis log and the other comments I made when I get home.
  • 0

#5
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts

It seems like it may be Virtumonde, not Vundo

It's the same thing, just different terminology. And unfortunately Ewido doesn't get it all either.

I can't tell from the portion of the log that I can see, but I'm sure it's still there. Once you post the entire log then we'll get rid of it for you. :tazz:
  • 0

#6
DMR5713

    New Member

  • Topic Starter
  • Member
  • 9 posts
OK, here it is.

Logfile of HijackThis v1.99.1
Scan saved at 9:28:12 PM, on 9/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\1124237502\ee\AOLHostManager.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\AOL\1124237502\ee\AOLServiceHost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\AOL\1124237502\ee\AOLServiceHost.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.n...=6.1&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\msvcsvc.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124237502\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121513300578
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: msvcsvc - C:\WINDOWS\Fonts\msvcsvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#7
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Yep, still there. Let's see if we can get rid of it for you.

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    It should look like this:

    VundoFix V2.1 by Atri
    By pressing enter you agree that you are using this at your own risk
    Please seek assistance at one of the following forums:
    http://www.atribune.org/forums
    http://www.247fixes.com/forums
    http://www.geekstogo.com/forum
    http://forums.net-integration.net

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\Fonts\msvcsvc.dll

  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):

    C:\WINDOWS\Fonts\cvscvcm.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:


    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Fonts\msvcsvc.dll
    O20 - Winlogon Notify: msvcsvc - C:\WINDOWS\Fonts\msvcsvc.dll

  • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death". This is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.

Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#8
DMR5713

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thanks very much for the assistance. I followed all the steps and everything seemed to go smoothly until the Panda ActiveScan. I chose to scan My Computer, and after going through a few things, it got stuck scanning C:\Windows\explorer.exe. I let it sit for about twenty minutes before I ended it with Task Manager. After rebooting I tried again but hit the same problem. I'll try scanning Local Drives (instead of My Computer) when I'm next at home -- I didn't have time to do that this morning. (I'm writing from work now.) Once I get a final result on that, I'll post the vundofix.txt file and the new HijackThis log along with the Panda result.
  • 0

#9
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
If you can't get Panda to run that's ok. Just skip that step and we'll work around it for now.
  • 0

#10
DMR5713

    New Member

  • Topic Starter
  • Member
  • 9 posts
OK, I'm back at home now. Here's the vundofix.txt file:

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Suspending PID 548 'smss.exe'
Threads [552][556][560]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1712 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 620 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.


And here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:14:56 AM, on 9/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.n...=6.1&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124237502\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121513300578
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O20 - Winlogon Notify: msvcsvc - C:\WINDOWS\Fonts\msvcsvc.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


By the way, I still haven't checked to see if explorer.exe runs in regular Safe Mode (without networking) -- when I did all the fixes, I was in Safe Mode with Networking (because, as I mentioned in the initial post in this thread, explorer.exe didn't run in regular Safe Mode, that is, without networking).
  • 0


#11
DMR5713

    New Member

  • Topic Starter
  • Member
  • 9 posts
PS I checked and found that yes, now explorer.exe does run in regular Safe Mode (without networking). So that problem was also being caused by Vundo/Virtumonde.
  • 0

#12
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
It looks like Vundo is gone. We just have a little cleaning up to do.

Run HijackThis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O20 - Winlogon Notify: msvcsvc - C:\WINDOWS\Fonts\msvcsvc.dll (file missing)



Reboot and post one more hijackthis log.
How are things on your end? Any problems?
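Added example, not part of the original posts and not HijackThis's own code: the entries selected for fixing above can be found mechanically by parsing the log's `<code> - <entry>` lines and looking for the `(no file)` / `(file missing)` markers. The function names are assumptions, the check for a Winlogon Notify DLL outside system32 is an added heuristic, and the sample is assembled from log lines quoted in this thread.

```python
import re

# "<section code> - <entry>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Suffixes HijackThis prints when the file an entry points to is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Body of an O20 entry: "Winlogon Notify: <name> - <dll path>[ (file missing)]".
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<name>.+?) - (?P<path>[A-Za-z]:\\.+?\.dll)", re.I)

# Constructed sample: an excerpt assembled from log lines quoted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O20 - Winlogon Notify: msvcsvc - C:\WINDOWS\Fonts\msvcsvc.dll (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""


def parse_log(text):
    """Return (code, body) for each R/F/N/O entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review(entries):
    """Return (code, reason, body) for entries worth a second look."""
    findings = []
    for code, body in entries:
        # Registry entry survives but its target file is gone: a leftover to clean up.
        if body.endswith(ORPHAN_MARKERS):
            findings.append((code, "orphaned-reference", body))
        # Heuristic (assumption): a Winlogon notification DLL that is not under system32.
        if code == "O20":
            match = NOTIFY_RE.match(body)
            if match and "\\system32\\" not in match.group("path").lower():
                findings.append((code, "notify-dll-outside-system32", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in review(parse_log(SAMPLE_LOG)):
        print(f"{code:<4}{reason:<30}{body}")
```

The dumprep O4 line carries no marker, so the script does not flag it; picking out entries like that one still takes a human reading the log.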

#13
DMR5713

    New Member

  • Topic Starter
  • Member
  • 9 posts
OK, I ran HijackThis and fixed the R3 - URLSearchHook and the O4 - ...dumprep. I couldn't find the O20 - Winlogon Notify when I ran HijackThis -- it seems to have been removed by other means.

Here's the new HijackThis log (after doing those fixes and rebooting).

Logfile of HijackThis v1.99.1
Scan saved at 10:28:26 AM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\AOL\1124237502\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124237502\ee\AOLServiceHost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Common Files\AOL\1124237502\ee\AOLServiceHost.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.n...=6.1&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124237502\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\Netscape\COMMUN~1\Program\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121513300578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#14
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Your log looks clean to me! :tazz:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:) :)
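Added example, not part of the original post: the six Internet-zone settings listed above can be audited from a registry export instead of clicking through the dialog. The mapping of each setting to an action ID (1001, 1004, ...) and of 0/1/3 to Enable/Prompt/Disable follows Microsoft's documented zone registry layout rather than anything in the post; the export of `HKCU\...\Internet Settings\Zones\3` shown here is constructed, and the function names are assumptions.

```python
import re

ACTIONS = {0: "Enable", 1: "Prompt", 3: "Disable"}

# action id -> (setting as worded in the post, value the post recommends)
BASELINE = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

# A DWORD value line in .reg format, e.g. "1001"=dword:00000001
DWORD_RE = re.compile(r'^"(?P<name>[0-9A-Fa-f]{4})"=dword:(?P<val>[0-9A-Fa-f]{8})$')

# Constructed sample export of the Internet zone (zone 3); real .reg files are
# usually UTF-16, so decode them before passing the text in.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000003
"""


def parse_zone_export(text):
    """Return {action id: int value} for every DWORD value in the export."""
    values = {}
    for line in text.splitlines():
        match = DWORD_RE.match(line.strip())
        if match:
            values[match.group("name").upper()] = int(match.group("val"), 16)
    return values


def describe(value):
    if value is None:
        return "not set"
    return ACTIONS.get(value, "0x%X" % value)


def audit(values):
    """Return (id, setting, current, recommended) for each setting weaker than the list."""
    findings = []
    for action_id, (label, wanted) in BASELINE.items():
        current = values.get(action_id)
        # 0 < 1 < 3 is also Enable < Prompt < Disable, so a larger value is stricter.
        if current is None or current < wanted:
            findings.append((action_id, label, describe(current), ACTIONS[wanted]))
    return findings


if __name__ == "__main__":
    for action_id, label, current, wanted in audit(parse_zone_export(SAMPLE_EXPORT)):
        print(f"{action_id}  {label}: {current} -> should be {wanted}")
```

A value stricter than the recommendation (IFRAME launching set to Disable in the sample) passes; a value missing from the export is reported as "not set" because the effective setting then comes from elsewhere.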

#15
DMR5713

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thanks very much for your very helpful advice. I already had all of those things running except SpywareBlaster.

Unfortunately, I hit a far worse problem on Saturday: my hard drive suffered a mechanical failure. (It was two and a half years old, with no history of problems, no jostling or moving, good UPS protection from voltage problems, etc. etc.) So after all of that work, I'll still have to rebuild the system from scratch with a new hard drive.

Your help, however, was very much appreciated.





