[Zaphod18]

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:51:25 PM, 8/15/2005
+ Report-Checksum: D803E948

+ Scan result:

HKLM\SOFTWARE\CashBack -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\AtlBrowser.EXE -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0818D423-6247-11D1-ABEE-00D049C10000} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\AtlBrCon.AtlBrCon -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AtlBrCon.AtlBrCon\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1CFB8B32-4053-4144-AF6F-1540EEC7F101} -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{241667A3-EC83-4885-84DD-C2DAAFC1C5EA} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{25630B50-53C6-4E66-A945-9D7B6B2171FF} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{370F6353-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{788C6F6E-C2EA-4A63-9C38-CE7D8F43BCE4} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{78BCF936-45B0-40A7-9391-DCC03420DB35} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{955CBF48-4313-4B1F-872B-254B7822CCF2} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9CFA26C2-81DA-4C9D-A501-F144A4A000FA} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EFA52460-8822-4191-BA38-FACDD2007910} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{52CACFDF-9170-46A9-AE2E-E594D324C72A} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Spyware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\NaviSearch -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\skin -> Spyware.Delfin : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1708537768-1450960922-682003330-1003\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-1708537768-1450960922-682003330-1003\Software\Web Offer -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-1708537768-1450960922-682003330-1003\Software\Web Offer\Setup -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-21-1708537768-1450960922-682003330-1003\Software\Web Offer\Setup\ID -> Spyware.eZula : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
[1300] C:\WINDOWS\system32\esjdfu.exe -> Trojan.Agent.cp : Cleaned with backup
[1560] VM_00F90000 -> Adware.BetterInternet : Error during cleaning
C:\Documents and Settings\Administrator\Cookies\administrator@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0s93dy60.default\cookies.txt -> Spyware.Cookie.Epilot : Cleaned with backup
:mozilla.9:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0s93dy60.default\cookies.txt -> Spyware.Cookie.Epilot : Cleaned with backup
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0s93dy60.default\cookies.txt -> Spyware.Cookie.Epilot : Cleaned with backup
:mozilla.11:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0s93dy60.default\cookies.txt -> Spyware.Cookie.Epilot : Cleaned with backup
:mozilla.12:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0s93dy60.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.14:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\0s93dy60.default\cookies.txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CJ6L27AD\!update-2234[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H82BE06E\!update-2214[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H82BE06E\!update-2224[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QZUR0V\!update-2204[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QZUR0V\!update-2234[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QZUR0V\!update-2254[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QZUR0V\!update-2274[1].0000 -> Spyware.MediaTickets : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Epilot : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Simi Designs\Application Data\Mozilla\Firefox\Profiles\d3do8gmn.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Simi Designs\Cookies\simi designs@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Simi Designs\Cookies\simi designs@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Simi Designs\Cookies\simi [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Simi Designs\Cookies\simi designs@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Simi Designs\Cookies\simi designs@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Simi Designs\Cookies\simi [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Simi Designs\Cookies\simi designs@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Simi Designs\Cookies\simi [email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Simi Designs\Cookies\simi [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/abl.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/agsmsext.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/avvapi32.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/cvcfg32.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/cyyptsvc.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/dmskcopy.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/drvmgr.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/dwound3d.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/FF20.DLL -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/hxk3anim.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/iIsrecst.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/kodusx.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/kvdal.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/mbad.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/mbwstr10.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/mddmo.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/mrl_mtf.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/nntshell.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/ohfox32.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/pklmon.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/rfched32.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/tdflog.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/thappcmp.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/tqemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/uaer32.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/uhrdpa.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/vmdex.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/wlpui.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Simi Designs\Local Settings\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\BXB\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi [email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi [email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi [email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi designs@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Cookies\simi [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\f1993093.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\nsh_114.exe -> Spyware.Downloadware : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\temp.fr6F21\seng.dll -> Adware.eZula : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\temp.fr7906 -> Spyware.IBIS : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\temp.frF440 -> Adware.eZula : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Temporary Internet Files\Content.IE5\QZ8DKTY3\Nail[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Temporary Internet Files\Content.IE5\QZ8DKTY3\recinst[1].exe -> TrojanDownloader.Qoologic.x : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Temporary Internet Files\Content.IE5\RG8X326V\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP63OLY7\Poller[1].exe -> Trojan.Agent.gp : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\tp7543.exe -> TrojanDownloader.Qoologic.x : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\upd209.exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temp\ZPP\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temporary Internet Files\Content.IE5\8XSN6VWX\AppWrap[8].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temporary Internet Files\Content.IE5\C1WFSTU1\AppWrap[5].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Simi Designs\Local Settings\Temporary Internet Files\Content.IE5\GBCPW3YT\AppWrap[6].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Program Files\BullsEye Network\bin\adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\bin\adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\CashBack -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\ad.dat -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_auto_wider.swf -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_click_wider.swf -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_welcome.html -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_welcome1.swf -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin\cashback.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin\cb.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin\flash.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\blank.gif -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\icon.gif -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\logo.gif -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\t1124129795.dec -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\template.html -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\template2.html -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\ub.dat -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\Uninstall.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\0D6B6B73-040B-4E12-AD46-B22900.asq -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6F925CA4-DD5A-4E41-AE71-18D303.asq -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\93482EFC-1942-43EB-BAE7-28A0CD.asq -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A08FA0FB-6551-459E-9BF6-5CDA9E.asq -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B955BFA0-C95F-401E-9E53-534085.asq -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0070F61F-CD6D-4C7C-810D-09A7F1\52C733AA-8BAB-474C-A4BB-77A38D -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\115045FD-784F-40EF-81F1-9E5772\A169761C-8CB5-42FA-A797-E0D749 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\123A29ED-A67D-4C84-8AD6-4EE185\975F8EC2-892D-48F1-95A8-05DE74 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1A53A9A8-F185-4386-AE95-99FDF0\B3A2FD6D-F94D-4845-89AF-38F3CF -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CCE7298-6536-4C97-90C0-A64DC2\5A80CD0F-9113-4937-94C8-B42BF4 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1D73D8D3-B818-48DB-9B9D-CC39C7\AFCF96FA-8FCE-4326-A961-C68ED6 -> Spyware.E2Give : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2AB97F17-8800-4E75-ACAD-34BB40\087013B9-B85F-49E2-91D5-CD5217 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2AB97F17-8800-4E75-ACAD-34BB40\7B161C2E-46A3-4C92-A6E4-1E4408 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2AB97F17-8800-4E75-ACAD-34BB40\A11FFF3E-CB75-4078-BE59-DBC23F -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2AB97F17-8800-4E75-ACAD-34BB40\EE8643FB-3BED-49B4-8A6A-E21F5C -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2AB97F17-8800-4E75-ACAD-34BB40\FAB133A1-9307-4240-B37B-C22EC7 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\30127327-13A2-4CED-94F6-50337C\FF944BA6-A983-4ECC-8496-65EF77 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\30D66379-EFDE-4C7C-91B0-62760C\78E35093-21A7-4240-BDA2-7E76E1 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\353D3632-92D7-4E1F-9F08-6C7C93\6628A7C3-291E-4ECA-B916-74E578 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\35B52938-75FD-4582-9A2B-C0E2A4\3134E01E-04A7-4AC8-AF1F-B267BC -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\35B52938-75FD-4582-9A2B-C0E2A4\71C8DFA5-B625-4CF4-A589-BAAA2D -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\35B52938-75FD-4582-9A2B-C0E2A4\D6442ED0-D888-4FCF-96E8-A6428B -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\35B52938-75FD-4582-9A2B-C0E2A4\D8531370-FDED-441E-A98E-C03087 -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\35B52938-75FD-4582-9A2B-C0E2A4\E7C2A69B-8AF9-4F4D-B06D-186686 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\35B52938-75FD-4582-9A2B-C0E2A4\F2E561E7-EBC8-4003-B66F-E36116 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3C890FC9-8D14-4573-88C6-046AB8\5ACAD524-528B-4949-82D0-132C69 -> Spyware.ImiBar : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\41A4DEC8-C656-4D97-B577-2F88F4\ED9B3546-93A2-4BDD-9068-C9EE3A -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\51E13177-6E15-4F34-ADB9-407785\4D0B66F5-009B-45B4-97AD-0EDA45 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\559D89A0-1E33-4D2B-B86B-151877\72DFF2EC-D479-4F71-A28F-081288 -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\559D89A0-1E33-4D2B-B86B-151877\831BCAAF-AC3D-482D-8815-574EEA -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\559D89A0-1E33-4D2B-B86B-151877\B453A5C2-9CB1-498D-919F-C46D35 -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\55D22F20-B729-4252-A7C0-54B1DE\921F6720-0464-4A51-8C46-87D576 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\57C65382-366C-470A-978A-52A2BC\010EAC83-4B07-414D-8A96-F1BD4F -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\57C65382-366C-470A-978A-52A2BC\821329AE-C320-434E-A445-1DD348 -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5C6CEA60-A420-4359-902D-A28F26\29957E36-9C6E-4713-93C3-25AD00 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5C6CEA60-A420-4359-902D-A28F26\B2D33460-186B-4A0B-B4FC-EA44EB -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5C6CEA60-A420-4359-902D-A28F26\BF84E9B1-5592-4498-A88D-81E04E -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D36920F-6DB2-42E8-8DCC-C631D0\3BAA106C-45D1-42E0-8143-25DC2C -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D9D0068-AF0C-416E-998C-3FD66B\FE47C489-3DB4-4DD4-800A-080970 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5E58E305-BBB8-413F-84D8-2DC15E\92BFE682-9B1E-4D16-99E1-4A0145 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\613F1723-AD72-4B3B-A8B0-AC1A3A\8CB6B378-3DBE-4EEE-A6E5-0799C7 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\624A20EB-5E8C-45BB-A5C9-7C27B7\83E5EEC9-EF39-4F68-BD93-76AF38 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\636E23FD-FD22-4A55-A383-E89E52\F54CC907-6064-4826-B691-D9E718 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7101DDC6-17BA-4AB3-AF22-33B03D\ABA2E200-78BF-4B63-88E0-AC1C30 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\761A273D-06A1-4D21-AB51-AC24F6\702B9562-F62A-450D-B70E-476869 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\78D54477-8C52-4C5A-997C-1C9864\897AB967-B47E-43C5-A74F-8BA309 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\791EAFF7-45AA-440D-A772-A5DA3D\9CCA4A37-0F9E-4C7C-B896-AABAC9 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7F2A7DFF-6E35-4F7F-AA4E-4C498F\7C0C8F79-C656-4FC9-954A-B2AAC8 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7FA5F6CB-88CA-4A5A-9B10-73DACB\A016EF9D-F6CA-4EB9-9B92-F91A16 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\84CC5370-CC86-4D29-9C72-764FC2\ECB51AC6-E3A7-4AAE-99AB-96C8C4 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\87E64200-9B87-4059-B8B3-8F682A\C92225AA-7CAA-4A32-B411-65D913 -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8E155F7A-213D-4372-ACE7-0D4767\A02DEBD7-886A-4226-9036-5F040D -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8E20EF8C-43F1-4955-9B99-A63380\9C614199-36BB-47D7-BBCE-872208 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8E42CB28-D110-48A8-A72C-563987\C18B08FD-A0FE-4FBA-AEDB-13385E -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8F979A2B-FC9F-4AF3-B654-DF319A\D07B176D-E56C-4539-ABD7-509AEB -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\90208FDD-F80C-4A5C-AFF1-F9C875\B8B848C8-59A2-44A0-9BE9-A15573 -> Spyware.CashBack : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\90208FDD-F80C-4A5C-AFF1-F9C875\D5B80018-40F5-4044-9D38-814001 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\91CFE5BF-6163-4981-82FB-CE3F48\CB236BB0-8E66-4B4C-9467-79FED8 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\96B20595-A4DB-47F1-8FCC-043BE6\E3AEC274-1B46-496D-8F65-51C430 -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\96C328BE-77B5-44F1-9F65-7A57F1\B3F30505-009E-40AD-BDB9-F7B095 -> Spyware.HotSearchBar : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9902D78F-F721-47C8-A840-3DFD79\6D407AA8-68F0-4C26-B9D6-8D040B -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9902D78F-F721-47C8-A840-3DFD79\93C67257-6E66-4729-87F7-ADD4CE -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9902D78F-F721-47C8-A840-3DFD79\A1BB13E0-4037-4380-B51D-C93FD0 -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9C1E0AFC-920A-459A-BE57-0716B4\8B645976-096E-4696-8B1A-30ACF0 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9D632FD3-CB7B-4E26-971D-69748C\EF634489-2385-4181-8EFE-77EE44 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A49AA294-CC28-4DCB-AAB0-F55143\A49FBAE5-1BA2-40B6-9AB3-344942 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A8990C6C-FAD4-4ED0-8EBE-DDD430\FD3ED14D-D376-4973-BF00-1BA8ED -> Adware.eZula : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B2A120D3-EF4D-4DD1-A503-9B3C75\D72CC26A-1202-4517-AA6A-F7097A -> Adware.eZula : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F61FFD-7702-4C8D-A368-2410D3\ABF0C25B-3196-48B6-9CBC-B026CC -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BCBBA29F-F5A2-44D2-8557-31DC54\BB1CCF3C-406A-46E6-9B9F-5E4CB9 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BD7511CA-0CA7-4C4C-BCBB-034D6B\C5FDA521-8446-4F98-9C17-27BD2C -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BD7511CA-0CA7-4C4C-BCBB-034D6B\DD475278-1309-4382-8466-C268EA -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BD7511CA-0CA7-4C4C-BCBB-034D6B\F526C9BD-52E0-446B-8A70-18411B -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C11B9FB0-37F4-4298-8F43-2C3B09\722E264C-1BB6-44D7-820E-6F6C95 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C9EBBC47-BE98-47B5-A6BB-77A552\C9E81E32-504C-4B8B-93E9-B54CD7 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D83B220B-77BD-441B-8F32-60EADE\C6C1CA0B-E76C-4709-BFE1-0E5E97 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D83B220B-77BD-441B-8F32-60EADE\DF9DEF5D-5325-427F-8812-43A108 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DA97E5B7-FB30-4E18-B07E-0D7DA6\94CD5849-4EC2-49FE-BB04-03EBBC -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E0258492-F406-4BAF-8EE0-58862F\C2651B11-45EA-49C9-990C-909401 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E2B4A8A7-31FF-4EE1-8A07-5EEA1C\19F030AA-934C-4CEC-A3CA-FEAB4E -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E2B4A8A7-31FF-4EE1-8A07-5EEA1C\240039FC-A743-42AF-BFB0-6627BE -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E2B4A8A7-31FF-4EE1-8A07-5EEA1C\78CCBC49-016C-4497-8E9B-3E1ABF -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E2B4A8A7-31FF-4EE1-8A07-5EEA1C\9EC507B6-1386-4BF6-8A32-CF217A -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E2B4A8A7-31FF-4EE1-8A07-5EEA1C\A0A5BA17-8C15-4051-AAF0-BFFC8A -> TrojanDownloader.Qoologic.x : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E2B4A8A7-31FF-4EE1-8A07-5EEA1C\D760039F-CEB3-489D-85C6-1E3510 -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E9D630BD-3910-4989-8EC7-662F01\7D82F417-6D50-4933-8E85-EF9888 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EA43CA67-F96C-415D-AE94-591EDA\BD44090A-CAEC-4A34-B67E-B42131 -> Spyware.CashBack : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EA43CA67-F96C-415D-AE94-591EDA\C9CB215D-F836-4AC8-BB4C-06BCDD -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EA43CA67-F96C-415D-AE94-591EDA\FA8FF3B3-03D4-4FAE-A1A4-ACE7D2 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EB2D0A8A-F8F4-486A-A2E3-B8161A\0CB9254F-D17A-4349-9CF0-5D4E5A -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EB2D0A8A-F8F4-486A-A2E3-B8161A\24340879-BFF4-4120-A241-F7C9E8 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EB2D0A8A-F8F4-486A-A2E3-B8161A\B646DF81-5F76-48DE-AC8D-3404AD -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EE97B01F-74C3-4948-86FA-139A04\1B8FC885-5825-48E8-A1BA-9C924F -> TrojanDownloader.Qoologic.x : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EE97B01F-74C3-4948-86FA-139A04\408AAAF1-8BB7-45DA-8041-EF37C1 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EE97B01F-74C3-4948-86FA-139A04\53E1A503-D900-4159-BE6C-1EB69E -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EE97B01F-74C3-4948-86FA-139A04\8126D53E-5417-441E-B594-F7D58D -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EE97B01F-74C3-4948-86FA-139A04\E368174E-0D6E-4074-8382-A721E8 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EE97B01F-74C3-4948-86FA-139A04\ECDA0F12-670D-4A5B-8B74-B5C629 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EE97B01F-74C3-4948-86FA-139A04\EF7F4CF2-D151-412C-962B-F9C56A -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EEFCF963-22B9-453F-92A0-C5345F\6E9525FB-1762-4261-AEDD-90A5E8 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F02EE3C7-D39E-4BDD-B20B-B612B5\C00D0FD6-0998-4685-83FA-D733FF -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F699ADE2-DB8E-4402-BA72-71A612\BED62C0C-72E1-45FB-AA5A-4787A2 -> Adware.eZula : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FEEE213A-37D8-4086-9DE3-C47E2C\26CAF4AA-41E5-4E18-8

[Advertisements]

I need to see a new HiJackThis log, please.

[Michelle]

I need to see a new HiJackThis log, please.

[Zaphod18]

my bad-- thought i put it in there

Logfile of HijackThis v1.99.1
Scan saved at 3:54:52 AM, on 8/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\U2ltaSBEZXNpZ25z\command.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Simi Designs\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ltaSBEZXNpZ25z\command.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Michelle]

Copy everything inside the code box below and paste it into notepad. Go up to File > Save As, then click the drop-down box to change the "Save As Type" to "All Files". Save it as remserv.bat on your desktop.

@echo off
sc stop cmdService
sc delete cmdService

Double-click remserv.bat

Delete this whole folder:

C:\WINDOWS\U2ltaSBEZXNpZ25z

Then please run this online virus scan: ActiveScan

Save the results from ActiveScan!

Post the ActiveScan log as well as a new HiJackTHis log.

Edited by Michelle, 28 August 2005 - 09:39 PM.

[Zaphod18]

I'm trying to delete C:\WINDOWS\U2ltaSBEZXNpZ25z , but apparently it's write-protected.

Prior to following your last set of instructions my comp crashed and I had to restart it-- perhaps this had something to do with it? Arg this is frustrating.

[Michelle]

Please reboot into safe mode and see if you are able to delete the folder there.

[Zaphod18]

Incident Status Location

Spyware:spyware/surfsidekick No disinfected C:\Documents and Settings\Simi Designs\Application Data\Sskknwrd.dll
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\Simi Designs\Desktop\backups\backup-20050606-192840-266.inf
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[abl.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[agsmsext.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[avvapi32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[cvcfg32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[cyyptsvc.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[dmskcopy.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[drvmgr.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[dwound3d.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[FF20.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[hxk3anim.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[iIsrecst.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[kodusx.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[kvdal.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[mbad.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[mbwstr10.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[mddmo.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[mrl_mtf.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[nntshell.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[ohfox32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[pklmon.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[rfched32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[tdflog.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[thappcmp.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[tqemeui.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[uaer32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[uhrdpa.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[vmdex.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[wlpui.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Simi Designs\Desktop\l2mfix\backup.zip[guard.tmp]
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2AB97F17-8800-4E75-ACAD-34BB40\4D927ADC-D4C2-45BB-BC1B-9600C5
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2AB97F17-8800-4E75-ACAD-34BB40\67506C9E-AE9D-4565-9715-AD9873
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2AB97F17-8800-4E75-ACAD-34BB40\A244DE61-1000-4253-95DD-AEFDC3
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2AB97F17-8800-4E75-ACAD-34BB40\F4089BC7-FC04-4338-AB29-19D692
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\32ED7A1B-9555-4EC2-82B8-12E0E5\A1C24BA6-C391-4CF4-B4C6-B76A4F
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\40B7EE79-847E-412F-8623-1C66AB\A44C3B5F-8954-44D5-A1A8-8898FB
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4F1F3139-1066-4A36-B651-F4458A\ABF85FEC-769E-466B-9AE3-615FAD
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4F1F3139-1066-4A36-B651-F4458A\D37E22B6-C645-49CA-8E9E-9C1CE5
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4F1F3139-1066-4A36-B651-F4458A\E87B4B97-4B6C-4384-B331-0B28B8
Adware:Adware/Imibar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\581E2EF4-5064-4557-97F9-0B8C12\017380DE-2809-40BE-9C9B-5C7E29
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\5C6CEA60-A420-4359-902D-A28F26\015C4555-051A-4B50-968C-C346A5
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\5C6CEA60-A420-4359-902D-A28F26\64CBA588-8A1B-40B4-97C6-674726
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\5C6CEA60-A420-4359-902D-A28F26\8CF7F310-C9BF-4A0A-9EAC-27A3C5
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\5C6CEA60-A420-4359-902D-A28F26\CC9C7272-EF9F-4493-80B2-FD242A
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\646F89B9-B7F3-460D-BFAD-2C35CC\DBE8EE94-0684-4296-9C5C-5A1980
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\90208FDD-F80C-4A5C-AFF1-F9C875\541540E9-D690-43DC-BC78-8D98EA
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\90208FDD-F80C-4A5C-AFF1-F9C875\69C70AE2-038C-4CFE-9394-8486BB
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\90208FDD-F80C-4A5C-AFF1-F9C875\AC38390B-1FC1-4185-8FA7-F88E0A
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\90208FDD-F80C-4A5C-AFF1-F9C875\F0C08DE1-4834-4DB8-A2BC-EF1F55
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\90208FDD-F80C-4A5C-AFF1-F9C875\FD323F79-9F39-40F0-8494-D16A42
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F61FFD-7702-4C8D-A368-2410D3\46C976C2-C9C8-42DF-9AA9-2DF732
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F61FFD-7702-4C8D-A368-2410D3\B3B53466-E6E0-404F-B801-8D3A9E
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F61FFD-7702-4C8D-A368-2410D3\C1919C37-5EA1-4E69-9505-4BFD8E
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B2F61FFD-7702-4C8D-A368-2410D3\C50F7163-7778-446F-8A45-C8F8F6
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BD7511CA-0CA7-4C4C-BCBB-034D6B\32A158C9-B5A5-4886-98CF-34CA65
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BD7511CA-0CA7-4C4C-BCBB-034D6B\32AF567D-360D-417A-8C3C-F8ACF4
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BD7511CA-0CA7-4C4C-BCBB-034D6B\3D1E59CB-A8E7-4ADE-A029-3953BE
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\BD7511CA-0CA7-4C4C-BCBB-034D6B\E68E575B-CE0E-4C3E-BA33-80F0A0
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C704E389-2C97-4485-A8A6-BAC8FF\665D3CDD-0A1F-4BF3-9A6E-765BA3
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C704E389-2C97-4485-A8A6-BAC8FF\8A7B74B7-003E-4E98-882A-F0B74D
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C704E389-2C97-4485-A8A6-BAC8FF\D0DFB3FA-4B56-4055-AE8A-517690
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D83B220B-77BD-441B-8F32-60EADE\CF2D03C9-7EF5-46B7-91EB-296786
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D83B220B-77BD-441B-8F32-60EADE\D1C6F222-808C-42C5-87D6-5FEE53
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EA43CA67-F96C-415D-AE94-591EDA\E8E7FD0A-B55F-4020-A704-6005E8
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EA43CA67-F96C-415D-AE94-591EDA\FB43E49C-55AA-42E2-ACF1-99556A
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EB2D0A8A-F8F4-486A-A2E3-B8161A\204FCCEB-013E-4259-9EE1-17A8F0
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EB2D0A8A-F8F4-486A-A2E3-B8161A\622D374E-A986-4A96-93C7-25D56B
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EB2D0A8A-F8F4-486A-A2E3-B8161A\728D515D-22C2-4F33-A84E-233E9E
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EB2D0A8A-F8F4-486A-A2E3-B8161A\812BC970-0205-4736-92C4-42E2DC
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F27FDB20-C8AB-4B30-BD40-0C368E\8060DD06-7BE4-4EE3-8700-14F132
Adware:adware/transponder No disinfected C:\WINDOWS\abiuninst.htm
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\fav.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\virus.bmp
Virus:Trj/Downloader.AE Disinfected C:\WINDOWS\gwrrasj.exe
Adware:adware/sidesearch No disinfected C:\WINDOWS\sepsd.bin
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\system32\exclean.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\Shex.exe
Adware:adware/ezula No disinfected C:\WINDOWS\system32\sysfile.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\vpsnvxk.dll
Adware:Adware/WhileUSurf No disinfected C:\WINDOWS\system32\wys.dll
Adware:Adware/BuddyLinks No disinfected D:\Program Files\Common Files\PSD Tools\ChannelUp.exe
Adware:Adware/BrilliantDigitalNo disinfected D:\Program Files\KaZaA Lite\bdcore.dll
Adware:Adware/WinTools No disinfected D:\Program Files\Search Toolbar\toolbar.dll
Adware:Adware/MyWebSearch No disinfected D:\Program Files\Toolbar\TBPSSvc.exe
Adware:Adware/WinTools No disinfected D:\WINDOWS\Temp\~983347.tmp



Logfile of HijackThis v1.99.1
Scan saved at 10:37:26 PM, on 8/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Simi Designs\Desktop\HijackThis.exe

O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Michelle]

First, I strongly recommend getting rid of Kazaa as it is the main source of your problems...

You did uninstall Microsoft Anti-Spyware through Add/Remove programs correct?
If so, then delete this folder:

C:\Program Files\Microsoft AntiSpyware

* Please download the Killbox by Option^Explicit.

* Save it to your desktop.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\Documents and Settings\Simi Designs\Application Data\Sskknwrd.dll
C:\WINDOWS\abiuninst.htm
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\etb\xml\images\casino.bmp
C:\WINDOWS\etb\xml\images\dating.bmp
C:\WINDOWS\etb\xml\images\drugs.bmp
C:\WINDOWS\etb\xml\images\fav.bmp
C:\WINDOWS\etb\xml\images\virus.bmp
C:\WINDOWS\etb
C:\WINDOWS\sepsd.bin
C:\WINDOWS\system32\exclean.exe
C:\WINDOWS\system32\Shex.exe
C:\WINDOWS\system32\sysfile.dll
C:\WINDOWS\system32\vpsnvxk.dll
C:\WINDOWS\system32\wys.dll
D:\Program Files\Common Files\PSD Tools\ChannelUp.exe
D:\Program Files\KaZaA Lite\bdcore.dll
D:\Program Files\Search Toolbar\toolbar.dll
D:\Program Files\Search Toolbar
D:\Program Files\Toolbar\TBPSSvc.exe
D:\Program Files\Toolbar
D:\WINDOWS\Temp\~983347.tmp

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, post a new HiJackThis log and let me know if you're having any other problems!

[Zaphod18]

Ach-- I accidentally logged out (out of habit when i went to a class today)-- I dunno if that'll mess things up more

I'll delete that file (yeah pretty sure it's uninstalled) I don't think I've ever had kazaa on this comp before, but i'll check that out.

Should I follow the instructions you just listed anyway?

[Michelle]

You can log out and shut off the computer as much as you like now

That was just in the first sets of instructions because there ws a trojan that would continue to change names, but we got rid of it already. Yes, please continue with the rest of my instructions. You definitely have Kazaa installed otherwise ActiveScan would not have shown this:

D:\Program Files\KaZaA Lite

[Zaphod18]

Ahh my old harddrive.

Logfile of HijackThis v1.99.1
Scan saved at 8:47:27 AM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Simi Designs\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks Michelle

[Michelle]

You're very welcome!

Are you having any other problems?

One more program I want you to run for a final clean-up:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

• Click the Free Trial link under to "SpySweeper" to download the program.
• Install it.
• Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click Yes.
• Once the definitions are installed, click Sweep Now on the left side.
• Click the Start button.
• When it's done scanning, click the Next button.
• Make sure everything has a check next to it, then click the Next button.
• It will remove all of the items found.
• Click Session Log in the upper right corner, copy everything in that window.
• Click the Summary tab and click Finish.
• Paste the contents of the session log you copied into your next reply.

[Zaphod18]

Spy Sweeper will provide you with detailed information about the operations being performed in this area.
Spy News is provided to help you get the most out of Spy Sweeper by providing you with real-time information such as usability tips and news regarding the latest threats.
Automated check for new spyware definitions now underway.
Your definitions are up to date.
Automated check for program update in progress.
Your Spy Sweeper application is up to date.
Automated check for news in progress.
... news is ready for your viewing.

To ensure proper removal of spyware, adware and other unwanted items, be sure to close any programs that are open.
Your Sweep Options indicate the following will be swept:
Drives: C:
Also sweeping: Memory, Cookies, Registry, Do Not Sweep System Restore Folder
Adware found: begin2search
Adware found: hotsearchbar toolbar
Adware found: bookedspace
Adware found: cas
Adware found: ieplugin
Adware found: drsnsrch.com hijack
Adware found: roings search enhancment
Adware found: shopathomeselect
Adware found: surfsidekick
Adware found: abetterinternet
Adware found: icannnews
Adware found: drsnsrch hijacker
Spy Cookie found: 2o7.net cookie
Spy Cookie found: yieldmanager cookie
Spy Cookie found: pointroll cookie
Spy Cookie found: advertising cookie
Spy Cookie found: atwola cookie
Spy Cookie found: ask cookie
Spy Cookie found: atlas dmt cookie
Spy Cookie found: fastclick cookie
Spy Cookie found: servedby advertising cookie
Spy Cookie found: tribalfusion cookie
Trojan Horse found: trojan-downloader-bookedspace
Adware found: delfin
Adware found: purityscan
Adware found: ezula ilookup
Adware found: exact cashback/bargain buddy
Adware found: upspiral toolbar
Adware found: quicklink search toolbar
Adware found: personal money tree
Adware found: adlogix
Full Sweep has completed. Elapsed time 00:08:23
Traces Found: 912

[Zaphod18]

Err

Spy Sweeper will provide you with detailed information about the operations being performed in this area.
Spy News is provided to help you get the most out of Spy Sweeper by providing you with real-time information such as usability tips and news regarding the latest threats.
Automated check for new spyware definitions now underway.
Your definitions are up to date.
Automated check for program update in progress.
Your Spy Sweeper application is up to date.
Automated check for news in progress.
... news is ready for your viewing.

To ensure proper removal of spyware, adware and other unwanted items, be sure to close any programs that are open.
Your Sweep Options indicate the following will be swept:
Drives: C:
Also sweeping: Memory, Cookies, Registry, Do Not Sweep System Restore Folder
Adware found: begin2search
Adware found: hotsearchbar toolbar
Adware found: bookedspace
Adware found: cas
Adware found: ieplugin
Adware found: drsnsrch.com hijack
Adware found: roings search enhancment
Adware found: shopathomeselect
Adware found: surfsidekick
Adware found: abetterinternet
Adware found: icannnews
Adware found: drsnsrch hijacker
Spy Cookie found: 2o7.net cookie
Spy Cookie found: yieldmanager cookie
Spy Cookie found: pointroll cookie
Spy Cookie found: advertising cookie
Spy Cookie found: atwola cookie
Spy Cookie found: ask cookie
Spy Cookie found: atlas dmt cookie
Spy Cookie found: fastclick cookie
Spy Cookie found: servedby advertising cookie
Spy Cookie found: tribalfusion cookie
Trojan Horse found: trojan-downloader-bookedspace
Adware found: delfin
Adware found: purityscan
Adware found: ezula ilookup
Adware found: exact cashback/bargain buddy
Adware found: upspiral toolbar
Adware found: quicklink search toolbar
Adware found: personal money tree
Adware found: adlogix
Full Sweep has completed. Elapsed time 00:08:23
Traces Found: 912

[Michelle]

I'm not sure what you copied, but, per my instructions, you need to make sure all of those items have a check next to them then click the NEXT button to remove them. Then, click Session Log in the upper right corner and that's where you copy everything in the window and paste it for me.