[restless5150]

First off let me apologize if this has been covered elsewhere but I need your help. After spending time on the internet yesterday...I got a message as my web browsers home page that I'm sure you are all too familiar with...It went something like this:

Detected SPYware! System error #384

this was in a nice little blue screen with my IP adress and talk of "my computer being full of evidences". Not only that but I get a nice little pop-up that comes out of my system tray every 2 minutes that tells me my computer is infected

So I got highjack this v1.99 to deal with this problem... only thing is is that I don't know what I should be deleting and removing. Your help would be appreciated yall lemme know hat I need to do to rid myself of this problem( and where I can find a good deal on a shotgun...)

here's the log file:


Logfile of HijackThis v1.99.1
Scan saved at 12:19:01 AM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\acoustic.exe
C:\Program Files\paytime.exe
C:\winstall.exe
C:\WINDOWS\system32\eventwvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\PAULVA~1\LOCALS~1\Temp\bwgo0001fb53.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul Vasquez\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 64.12.152.18 search.netscape.com
O1 - Hosts: indows.
O1 - Hosts: 64.12.152.18 search.netscape.com
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TBTray] acoustic.exe
O4 - HKLM\..\Run: [Launcher] aelaunch.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\paytime.exe
O4 - HKLM\..\Run: [eventwvr] C:\WINDOWS\system32\eventwvr.exe
O4 - HKLM\..\RunServices: [eventwvr] C:\WINDOWS\system32\eventwvr.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [eventwvr] C:\WINDOWS\system32\eventwvr.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\PAULVA~1\LOCALS~1\Temp\21.tmp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141670493843
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - blank
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - blank (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: psbase(2) - Unknown owner - C:\WINDOWS\system32\psbase(2).exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[Advertisements]

Hello Paul and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!

You have quite a mixture of malware and Trojans that need to be eradicated including a Puper infection. Let’s see what we can do with the first sweep.

You do not appear to have any antivirus programme running on your PC; we must correct that immediately.

Download:
AVG ANTIVIRUS FREE EDITION

Install AVG, update its virus definitions and perform a full system scan before proceeding any further.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy & paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

Note : process.exe is detected by some antivirus programmes (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a programme used to stop system processes. Antivirus programmes cannot distinguish between "good" and "malicious" use of such programmes, therefore they may alert the user.
http://www.beyondlog...processutil.htm

[Crustyoldbloke]

Hello Paul and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!

You have quite a mixture of malware and Trojans that need to be eradicated including a Puper infection. Let’s see what we can do with the first sweep.

You do not appear to have any antivirus programme running on your PC; we must correct that immediately.

Download:
AVG ANTIVIRUS FREE EDITION

Install AVG, update its virus definitions and perform a full system scan before proceeding any further.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy & paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

Note : process.exe is detected by some antivirus programmes (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a programme used to stop system processes. Antivirus programmes cannot distinguish between "good" and "malicious" use of such programmes, therefore they may alert the user.
http://www.beyondlog...processutil.htm

[restless5150]

I should point out that I have completed a full system scan of my comp using EWIDO anti-malware...a full hour and a half but the spyware is still present. Just wanted to know...since I have scanned using eido is it neccesary to use avg...thanx

[Crustyoldbloke]

There is a difference between antimalware and antivirus. A virus has the ability to replicate whereas malware is MALicious spyWARE. Surfing without antivirus protection is just asking for trouble.

[restless5150]

Okay, I'm runnin AVG to scan my pc but it still hasn't completed yet(i have been runnin this on and off for about A day and a half now) It has detected 300+ viruses!! A question regarding this...am I supposed to heal the viruses or send them to the vault and then delete them...any who after i run the scan...what is my next step to remove the spyware?

[Crustyoldbloke]

When AVG has finished cleaning your PC (doesn't matter if they are healed or moved or deleted providing they go). If your OS survives the clean up, just continue with the instructions given to you earlier.

[restless5150]

Here is my log for Smit Fraud Fix: (btw I deleted the files in my virus vault in AVG)


=======================================================================

SmitFraudFix v2.34

Scan done at 11:51:21.84, Sun 04/23/2006
Run from C:\Documents and Settings\Paul Vasquez\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\exit FOUND !
C:\secure32.html FOUND !
C:\tool4.exe FOUND !
C:\uniq FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\svchost.exe FOUND !
C:\WINDOWS\teller2.chk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\bin29a.log FOUND !
C:\WINDOWS\system32\parad.raw.exe FOUND !
C:\WINDOWS\system32\zlbw.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul Vasquez\Application Data

C:\Documents and Settings\Paul Vasquez\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PAULVA~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\secure32.html FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[Crustyoldbloke]

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

A. Please download the trial version of Ewido anti-malware from here: http://www.ewido.net/en/download/

• Install Ewido anti-malware.
• When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
• When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
• The programme will prompt you to update. Click the Ok button.
• The programme will now go to the main screen.

You will need to update Ewido to the latest definition files.

• On the left-hand side of the main screen click the Update Button.
• Click on Start.
• The update will start and a progress bar will show the updates being installed.

Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.

B. Reboot your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
• Wait 30 seconds, and then turn the computer on.
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe Mode option is selected.
• Press Enter. The computer then begins to start in Safe mode.
• Login on your usual account.

______________________________

C. Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

D. Clean out your Temporary Internet files. Proceed like this:

• Quit Internet Explorer and quit any instances of Windows Explorer.
• Click Start, click Control Panel, and then double-click Internet Options.
• On the General tab, click Delete Files under Temporary Internet Files.
• In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
• On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
• Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
• Click OK.

Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

E. Close ALL open Windows / Programmes / Folders. Please start Ewido, and run a full scan.

• Click on Scanner
• Click on Settings
  • Under How to scan all boxes should be checked
  • Under Unwanted Software all boxes should be checked
  • Under What to scan select Scan every file
  • Click on Ok
• Click on Complete System Scan to start the scan process.
• Let the programme scan the machine.

If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.

• Click Save Report button
• Save the report to your Desktop

Close Ewido and Reboot in Normal Mode.
______________________________

F. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the Programme and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

G. Please post:

• c:\rapport.txt
• Ewido log
• A new HijackThis log

You may need more than one reply to post the requested logs, otherwise they might get cut off.

[restless5150]

i have the full version of ewido installed on my pc...what does this change crusty?

[Crustyoldbloke]

In that case just don't download Ewido but use your copy and update and do the scan too. There's a new version out tomorrow, version 4.0 beta.

[restless5150]

okay here are the logs:

Rapport.txt:

SmitFraudFix v2.34

Scan done at 12:32:09.35, Sun 04/23/2006
Run from C:\Documents and Settings\Paul Vasquez\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\exit Deleted
C:\secure32.html Deleted
C:\tool4.exe Deleted
C:\uniq Deleted
C:\WINDOWS\svchost.exe Deleted
C:\WINDOWS\teller2.chk Deleted
C:\WINDOWS\system32\bin29a.log Deleted
C:\WINDOWS\system32\parad.raw.exe Deleted
C:\WINDOWS\system32\zlbw.dll Deleted
C:\Documents and Settings\Paul Vasquez\Application Data\Install.dat Deleted
C:\Program Files\secure32.html Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

=====================================================================

Ewido Log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:07:09 PM, 4/23/2006
+ Report-Checksum: 37317B95

+ Scan result:

:mozilla.7:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.399:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.403:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.417:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.593:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.596:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.614:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.615:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.616:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.633:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.634:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.635:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.656:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.657:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.783:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup
:mozilla.848:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup
:mozilla.855:C:\Documents and Settings\Paul Vasquez\Application Data\Mozilla\Firefox\Profiles\4sdqzjpx.default\cookies.txt -> TrackingCookie.Casinodelrio : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul [email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul [email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul [email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul [email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul [email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Cookies\paul vasquez@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BQJ43IH\Install[1].exe -> Adware.Spysheriff : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Local Settings\Temp\Temporary Internet Files\Content.IE5\0BQJ43IH\update[1].exe -> Adware.BHO : Cleaned with backup
C:\Documents and Settings\Paul Vasquez\Local Settings\Temp\Temporary Internet Files\Content.IE5\B3DQC7BF\i[1].exe -> Downloader.VB.abh : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.i : Cleaned with backup
C:\Program Files\Internet Explorer\update.exe -> Adware.BHO : Cleaned with backup
C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0494450.exe -> Adware.Bestofer : Cleaned with backup
C:\WINDOWS\SYSTEM32\winbrume.dll -> Adware.BHO : Cleaned with backup


::Report End

=====================================================================

Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 3:19:39 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\acoustic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\PAULVA~1\LOCALS~1\Temp\bwgo00023975.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Documents and Settings\Paul Vasquez\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 64.12.152.18 search.netscape.com
O1 - Hosts: indows.
O1 - Hosts: 64.12.152.18 search.netscape.com
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TBTray] acoustic.exe
O4 - HKLM\..\Run: [Launcher] aelaunch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141670493843
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - blank
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - blank (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: psbase(2) - Unknown owner - C:\WINDOWS\system32\psbase(2).exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

=====================================================================

Im eager to get this problem taken care of and I appreciate you timely responses Crusty...YEAHHH!!!


btw i still can't change my desktop background yet...Jessica Alba is waiting

Edited by restless5150, 23 April 2006 - 04:39 PM.

[Crustyoldbloke]

Hello again

Those logs look good, so we can now just tidy up the rest.

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
Hoster
CWShredder
cwsserviceemove.reg file

Now please install CWShredder, and run it. Click Check For Update, then Fix and then OK followed by Next, let it fix everything it asks about

Please run Hoster (just double click it to open). Choose the Restore Original Hosts button and press OK.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 64.12.152.18 search.netscape.com
O1 - Hosts: indows.
O1 - Hosts: 64.12.152.18 search.netscape.com
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll (file missing)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - blank
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - blank (file missing)
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: psbase(2) - Unknown owner - C:\WINDOWS\system32\psbase(2).exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.

Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Unzip cwsserviceemove.reg file to your desktop. While in safe mode, double click on it and grant it permission to add the registry items

Please install Killbox by Option^Explicit.

• Please double-click Killbox.exe to run it.
• Select Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\DOCUME~1\PAULVA~1\LOCALS~1\Temp\bwgo00023975.exe
c:\secure32.html

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Utilities uncheck Ewido Security Suite log and ensure Only delete files in Windows Temp folder older than 48 hours is unchecked also, then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Post back a fresh HijackThis log (from normal mode) and I will take another look.

How is your desktop now?

[restless5150]

i have another question (im full of these i know) i have a torrent client on my comp...will all of these fixes and or programs affect its use or will I have to redownload the client thanx...

[restless5150]

new hi jack log after last posts instructions:

Logfile of HijackThis v1.99.1
Scan saved at 5:48:57 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\acoustic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\DOCUME~1\PAULVA~1\LOCALS~1\Temp\bwgo00037fa1.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Documents and Settings\Paul Vasquez\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TBTray] acoustic.exe
O4 - HKLM\..\Run: [Launcher] aelaunch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141670493843
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



BTW the desktop background is still f'ed up...i can see my background when i boot up but when windows loads all the way through...it disappears...and the "change desktop background on desktop properties page seems to be disabled

[Crustyoldbloke]

Hello again

By now you should know the answer to your question about Torrent.

Please delete your temporary files.

Click on START > RUN > type in cleanmgr and hit ENTER

You will see a window asking you to choose your harddrive (most likely C: Drive)

Click it and Windows will now scan the drive and show you the results

Make sure the following are checked:Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Compress Old Files (if you want more disk space)
Click OK and Disk Cleanup will delete those files for you.

Next, go to Start>Run>type in %temp% hit Enter and delete the content of all the temp folders shown (only the content, not the folder). A couple of files may be in memory and will not therefore delete, this is normal.

Go to Start>Run and type Services.msc then hit OK
Scroll down and find this service:

Power Manager (PowerManager)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then OK.

Run HiJackThis. Click on None of the above, just start the program. Now, click on the Config button (bottom right), then click on Misc Tools, then click on Delete an NT Service a window will pop up. Enter this item into that field (copy and paste):

PowerManager

Click OK.

It should pull up information about the service, when it asks if you want to reboot now click YES

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.

Please right click on this Wallpaper and choose Save Target As...Save it on your Desktop. Double click on it to run it and choose Yes to add it to the registry. Delete that .reg file when you are done.

See if you can change your wallpaper now.

Post back a fresh HijackThis log (from normal mode) and I will take another look.