CmdService - Geeks to Go Forums


CmdService can't get rid of CmdService

#1 jsa

  • Group: Member
  • Posts: 4
  • Joined: 09-August 06

Posted 14 August 2006 - 10:03 AM

I'm getting IE popup ads out of the blue. IE starts on its own. CA PestPatrol IDs CmdService as adware, and states it can't quarantine it.
I have performed all the prereqs to no avail, and here are my logs.
----------------------------------------------------------------------------------------------------------------------------
HJT Log
----------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:34:13 AM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Jesse\My Documents\downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [win320870-9372478] C:\WINDOWS\win320870-9372478.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iqru] C:\PROGRA~1\COMMON~1\iqru\iqrum.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146812219171
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\dnpo0173e.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

----------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:43:22 AM 8/10/2006

+ Scan result:



C:\Documents and Settings\Guest\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\report\aggr_storage.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\report\send_storage.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\res2 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\cs\res2\WhiteList.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150838555.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150838616.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150838677.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150838738.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150838799.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150838860.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150838921.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150840020.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150841141.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150841202.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150841431.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150841562.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150841745.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150841878.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150842054.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150842296.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150842463.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150842776.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150842965.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150843086.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150843208.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150843602.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150843663.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150843801.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150843948.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150844202.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150844373.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150844559.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150845120.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150845402.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150845475.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150845580.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150845719.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150845864.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150846036.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150846158.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150846491.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150846552.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150846613.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150846682.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150846760.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150846822.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150846885.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150846946.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150847005.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150847066.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150847183.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150847291.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150847394.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150847471.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150847593.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150847786.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150847908.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150847994.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848229.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848290.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848351.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848412.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848473.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848535.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848624.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848679.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848742.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848793.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848851.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848924.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150848985.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849046.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849089.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849139.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849216.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849369.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849496.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849592.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849669.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849724.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849791.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849905.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150849970.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850004.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850065.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850173.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850282.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850347.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850414.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850475.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850536.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850624.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850685.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850746.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850807.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850868.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150850990.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150851112.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150851234.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150851356.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150851478.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150851982.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150852043.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150852104.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150852165.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150852227.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150853427.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150854627.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150855827.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150856618.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150856679.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150856741.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150856802.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150856863.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150856925.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150856978.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150857035.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150857101.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150929141.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150929202.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150929263.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150929324.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150929385.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150929540.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150929698.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150929759.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150929935.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150929996.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150930057.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150930461.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\ShopperReports\shprrprt_1150938659.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\ShopperReports\cs\res1\WhiteList.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\report\aggr_storage.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\report\send_storage.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\res2 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\cs\res2\WhiteList.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\awmlib.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\doime.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iQsnap.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\m4pole731h.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mrexcl40.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\r4p8le7u1h.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wlhatm.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wqhcon.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wtwfaxui.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[728] C:\WINDOWS\system32\ML4SDECD.dll -> Adware.Look2Me : Error during cleaning.
[808] C:\WINDOWS\system32\ML4SDECD.dll -> Adware.Look2Me : Error during cleaning.
C:\WINDOWS\system32\bez6n4r21.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32bez6n4r21.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\zqskw.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\ComcastToolbar\uninstall.exe -> Adware.VMN : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dr.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\2BWB5MR6\kybrdff_8[1].exe -> Downloader.Adload.dv : Cleaned with backup (quarantined).
C:\kybrdff_8.exe -> Downloader.Adload.dv : Cleaned with backup (quarantined).
C:\Documents and Settings\Jesse\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PI3K5AR\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jesse\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PI3K5AR\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jesse\Local Settings\Temp\Temporary Internet Files\Content.IE5\KLMZ0PQ3\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Program Files\Messenger\kykeco.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
:mozilla.893:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\a5et5otz\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\ont6t6fb.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\a5et5otz\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.362:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.410:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.518:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.580:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.675:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.743:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\a5et5otz\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.801:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.854:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@sprintnlc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@efashionsolutions.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@embarq.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@macromedia.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@starz.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@zag.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1028375667-2882118016-4214439152-1012\Dc48.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1028375667-2882118016-4214439152-1012\Dc61.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\jesse@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\jesse@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.475:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.476:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.478:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.479:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.480:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.481:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.485:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.486:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.487:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.488:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.490:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.491:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.492:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.926:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.927:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.928:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.930:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.931:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.956:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@lovefreegames.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@prizeamerica.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\ont6t6fb.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\ont6t6fb.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\ont6t6fb.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\gloriaworkman\Cookies\gloriaworkman@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.889:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.890:C:\D
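A long scan log like the one above is easier to act on once it is reduced to what the scanner failed to clean. The following is an added example, not part of the original post: it parses lines in the format shown above, counts detections by category, and lists entries whose status is not "Cleaned". The function names are hypothetical, the sample lines are copied from the log above, and reading the `[n]` prefix as a process ID is an assumption.

```python
import re
from collections import Counter

# One detection per line, in the shape the log above uses:
#   [n] <path> -> <Detection.Name> : <status>
#   :mozilla.N:<cookie file> -> <Detection.Name> : <status>
LINE_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?"   # optional [n]; ASSUMED to be the PID holding a loaded module
    r"(?::(?P<store>[^:]+):)?"     # optional :mozilla.N: cookie-record prefix
    r"(?P<path>.+?)\s+->\s+"       # file, folder or cookie path
    r"(?P<detection>\S+)\s+:\s+"   # e.g. Adware.Look2Me
    r"(?P<status>.+?)\s*$"         # e.g. Cleaned with backup (quarantined).
)

# Sample lines copied from the log above, including its truncated last line.
SAMPLE = r"""
C:\WINDOWS\system32\wqhcon.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[728] C:\WINDOWS\system32\ML4SDECD.dll -> Adware.Look2Me : Error during cleaning.
[808] C:\WINDOWS\system32\ML4SDECD.dll -> Adware.Look2Me : Error during cleaning.
C:\WINDOWS\system32\dr.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
:mozilla.893:C:\Documents and Settings\gloriaworkman\Application Data\Netscape\NSB\Profiles\avm1lf6g.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.890:C:\D
"""


def parse_line(line):
    """Return a dict for one log line, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    # Category is the part of the detection name before the first dot.
    rec["category"] = rec["detection"].split(".", 1)[0]
    rec["cleaned"] = rec["status"].startswith("Cleaned")
    return rec


def triage(lines):
    """Summarise a scan log: counts per category/detection, plus leftovers."""
    by_category, by_detection = Counter(), Counter()
    uncleaned, unparsed = {}, []
    for raw in lines:
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            # Keep truncated or foreign lines visible instead of dropping them.
            unparsed.append(raw.strip())
            continue
        by_category[rec["category"]] += 1
        by_detection[rec["detection"]] += 1
        if not rec["cleaned"]:
            # The same file can be reported once per [n] prefix; merge by path.
            entry = uncleaned.setdefault(
                rec["path"],
                {"detection": rec["detection"], "status": rec["status"], "pids": []},
            )
            if rec["pid"] is not None and rec["pid"] not in entry["pids"]:
                entry["pids"].append(rec["pid"])
    return {
        "by_category": by_category,
        "by_detection": by_detection,
        "uncleaned": uncleaned,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE.splitlines())
    for path, info in result["uncleaned"].items():
        print(f"NOT CLEANED: {path} ({info['detection']}) [n]={info['pids']}")
    print("By category:", dict(result["by_category"]))
    print("Unparsed lines:", result["unparsed"])
```
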

#2 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,528
  • Joined: 30-November 05

Posted 14 August 2006 - 03:58 PM

Hi, jsa :whistling:

Welcome to Geeks to go.

Click Here to download delcmdservice (by Marckie), and save it to your Desktop.
Click here to download Look2Me-Destroyer.exe and save it to your desktop.
Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Close all Windows.
  • Unzip the delcmdservice.zip contents to your Desktop (a folder named delcmdservice)
  • Double-click on the delcmdservice folder
  • Double-click on delreg.bat to launch the tool
  • When the tool has finished, please reboot your computer and continue with the next step.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from here and place it in your C:\Windows\System32 Folder.

Go to Start->Run, type CMD and click Ok. The MSDOS Window will be displayed. At the prompt type the following and press Enter:

SC Stop "Network Monitor"
SC Delete "Network Monitor"
Exit


Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

Please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with the C:\Look2Me-Destroyer.txt and a new HiJackThis log


#3 jsa

  • Group: Member
  • Posts: 4
  • Joined: 09-August 06

Posted 15 August 2006 - 03:24 AM

I'm at the step to start a DOS prompt; when I try to run CMD, my DOS window has no prompt. Looks like a normal DOS window except completely blank and no prompt. When I rebooted after removing L2M didn't automatically start. I ran it again, and the scan results were blank.

Should I proceed to the BFU...?

#4 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,528
  • Joined: 30-November 05

Posted 15 August 2006 - 06:58 AM

Hi, jsa :whistling:

Yes! Please proceed and post a fresh Hijackthis log.

#5 jsa

  • Group: Member
  • Posts: 4
  • Joined: 09-August 06

Posted 15 August 2006 - 11:18 AM

After the execution of BFU, the (cmd) DOS window worked normally. The Panda active scan reported a couple of problems, see activescan report. Also posted is a new HJT log.

----------------------------------------------------------------------------------------------------------------------------
---------------------------
activescan log
---------------------------
Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Ssk.log
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_local_machine\software\FocusInteractive
Adware:adware/sqwire Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[2].txt
----------------------------------------------------------------------------------------------------------------------------

-----------------------
HJT log
-----------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:09:51 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
c:\program files\mcafee.com\shared\mcinfo.exe
C:\Documents and Settings\Jesse\My Documents\downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [win320870-9372478] C:\WINDOWS\win320870-9372478.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iqru] C:\PROGRA~1\COMMON~1\iqru\iqrum.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146812219171
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

----------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------

#6 jsa

  • Group: Member
  • Posts: 4
  • Joined: 09-August 06

Posted 15 August 2006 - 11:20 AM

On another note, how much is the usual donation?

#7 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,528
  • Joined: 30-November 05

Posted 15 August 2006 - 01:11 PM

Hi, jsa :whistling:

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Download the enclosed file: [attachment=10234:attachment]
Extract its contents to the desktop. It is a Registry Entries file, Regfix.reg. Don't do anything with it yet.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [win320870-9372478] C:\WINDOWS\win320870-9372478.exe
O4 - HKCU\..\Run: [iqru] C:\PROGRA~1\COMMON~1\iqru\iqrum.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Double click on Regfix.reg on your desktop and select Yes when prompted to merge it into the registry.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\win320870-9372478.exe
    C:\Program Files\Common Files\iqru\iqrum.exe
    C:\Program Files\Common Files\iqru\
    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Ssk.log



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Post a fresh Hijackthis and let me know how the computer is doing.

Quote

On another note, how much is the usual donation?


I will leave that to your discretion.
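
As an added example (not part of the original thread, and not HijackThis's own logic), this Python pass triages HijackThis log lines taken from this thread and flags entries for review. The function name `triage`, the reason labels and the three heuristics are assumptions chosen for illustration.

```python
import re

# Constructed sample: lines copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iqru] C:\PROGRA~1\COMMON~1\iqru\iqrum.exe
O4 - HKLM\..\Run: [win320870-9372478] C:\WINDOWS\win320870-9372478.exe
O9 - Extra button: - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<body>.*)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] \"?(?P<exe>[^\"]*?\.exe)", re.I)
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)


def triage(log_text):
    """Return (code, reason, line) tuples for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.group("code"), m.group("body")
        # Heuristic 1 (assumption): the entry references a file that no longer exists.
        if body.endswith(("(no file)", "(file missing)")):
            findings.append((code, "orphaned", line))
        # Heuristic 2 (assumption): a Winlogon notification package should be a DLL.
        if code == "O20" and not body.lower().endswith(".dll"):
            findings.append((code, "notify-target-not-dll", line))
        # Heuristic 3 (assumption): autostart executable sitting directly in the Windows folder.
        run = RUN.match(body) if code == "O4" else None
        if run and WINDOWS_ROOT.match(run.group("exe")):
            findings.append((code, "run-exe-in-windows-root", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{reason:26} {line}")
```

The `iqru` Run entry, which the fix list above also includes, passes all three checks, so output like this narrows a log for review and does not replace reading it.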

#8 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,528
  • Joined: 30-November 05

Posted 25 August 2006 - 07:38 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
