Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Severe problem?

Started by mndsm , Sep 22 2005 09:00 PM

  • This topic is locked This topic is locked

#1
mndsm
Posted 22 September 2005 - 09:00 PM

mndsm

    New Member

  • Member
  • Pip
  • 9 posts
Well let me first say that this has been quite helpful so far, but I still have a mojor issue. There is something unhealthy on my computer and it is making my life miserable, to the point where I am ready to re-load XP and start from scratch. The only problem is I have thousands of hours into files and other software on this PC, and it would be very detrimental to lose these files.

A description of my problem:

My PC does not seem to want to do anything. The internet will run incredibly slowly if more than one app. is loaded up in Firefox, it will not run Yahoo at all, without crashing my pc. It has eaten all of my sound drivers, most of my video drivers, and when I went to reinstall, it crashed. I have all the hardware reload disks sitting next to me as well as a spare copy of XP Pro, although that is not the OS that it is running now. I still and running XP home on this box. It has eaten my desktop altogether, and defaulted to some random windows desktop. This also has a tendency not to work, at all, at which point it will flash to a straight blue screen. I still have all of my icons and such at this point, but who knows what has been damaged. I have run AVG, HijackThis, S&D, and Ad-aware SE through the thing and it still hasn't fixed the problem. I have downloaded and installed SP1a, as I hadn't previously. So I have followed every piece of advice, step by step, and I am still not in a position where I can have a fair running pc, let alone one I can try and repair my CD and DVD drives with. Those are also broken, but that goes in another category, I believe.

HijackThis log to follow

Thanks in advance.
  • 0

Advertisements

#2
mndsm
Posted 22 September 2005 - 09:01 PM

mndsm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:50:08 PM, on 9/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Paltalk\pnetaware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\etb\pokapoka70.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Tom Larson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft Mapped PC] mappedpc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\34D.tmp
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Mediacom\BBClient\Programs\RegCon.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [a0tt478m] C:\WINDOWS\System32\a0tt478m.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\RunServices: [Microsoft Mapped PC] mappedpc.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} (Courier52 Control) - http://courier.sigab...riercontrol.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c18.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe (file missing)
  • 0

#3
g2i2r4
Posted 23 September 2005 - 07:55 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome mndsm to Geeks to Go!

Let's do this one step at the time and see how things go.


I notice that you are using more than one antivirus program. This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through.
I strongly suggest you either:(1) configure only one antivirus program to enable automatic realtime scanning, and leave the rest disabled most of the time, or
(2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.
***

Download LQfix.exe and place it on your desktop.
Doubleclick LQfix.exe and click install.
This will create a new folder called LQfix on your desktop.
Open the folder and doubleclick ClickThis.bat
Your AntiVirus program may prompt you to a malicious script trying to run. Please allow the entire script to run!
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.

***

Please post back with a fresh HijackThis log. Keep me informed on what's happening.
  • 0

#4
mndsm
Posted 23 September 2005 - 08:34 AM

mndsm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Alright.... I got it working a little bit better, but it seems to have learned a new trick in the process. I thought I had gotten rid of some [bleep] spyware that had hijacked both browsers (Firefox and Internet Explorer), but that has popped up into it again. I got rid of all the virus software I had except for Zone Alarm.
Here is the latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 9:30:54 AM, on 9/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\mappedpc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Paltalk\pnetaware.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Tom Larson\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.everythin....org/zango.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft Mapped PC] mappedpc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\34D.tmp
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [a0tt478m] C:\WINDOWS\System32\a0tt478m.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Microsoft Mapped PC] mappedpc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Mapped PC] mappedpc.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} (Courier52 Control) - http://courier.sigab...riercontrol.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c18.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe (file missing)
  • 0

#5
g2i2r4
Posted 23 September 2005 - 02:29 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
There's a lot more trouble in there.
Let's move on to the next issue.

You removed most of the AntiVirus software.
I advise you to use the internet only to surf here and do the things I ask you to, because now you are not protected at all.

---------------

Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find the service:
Microsoft SSL (ssl).

Click once on the service to highlight it.

Click Stop

Right-Click on the service.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

The service is now stopped and disabled.

Do the same for this service:
Windows HWinfo Loader

***

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\WINDOWS\System32\mappedpc.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Paltalk\pnetaware.exe
C:\Program Files\ClipGenie\WebInstall.exe
C:\WINDOWS\system32\34D.tmp
C:\WINDOWS\System32\a0tt478m.exe
C:\WINDOWS\iexplre.exe
C:\WINDOWS\System32\ssl.exe

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.
Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Then run HijackThis, click Scan, and place a checkmark by the following item:

O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R

O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe

O4 - HKLM\..\Run: [Microsoft Mapped PC] mappedpc.exe

O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\34D.tmp

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [a0tt478m] C:\WINDOWS\System32\a0tt478m.exe

O4 - HKLM\..\RunServices: [Microsoft Mapped PC] mappedpc.exe

O4 - HKCU\..\Run: [Microsoft Mapped PC] mappedpc.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?

O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)

O23 - Service: Windows HWinfo Loader - Unknown owner - C:\WINDOWS\iexplre.exe (file missing)


Close all open windows except for HijackThis and click Fix Checked.

***

Download and install Cleanup from here (Alternate site if the above is not working, go Here)

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HijackThis log.
  • 0

#6
mndsm
Posted 23 September 2005 - 10:06 PM

mndsm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Alright, everything was completed as ordered, or at least the closest to what I could measure. I couldnt find a few of the files on HJT when I booted in safe mode, so I didnt get those. Those were both the the 023 Service: files. I believe I got everything else.

The other problem is that ActiveScan was not cooperating. Problem 1: Activescan does not like Firefox. Problem 2: The button in in IE was non-functional preventing me from doing a scan.

Here however is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:02:38 PM, on 9/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tom Larson\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.everythin....org/zango.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Mapped PC] mappedpc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} (Courier52 Control) - http://courier.sigab...riercontrol.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c18.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0

#7
g2i2r4
Posted 24 September 2005 - 04:54 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
please open Start> Run and type MSConfig in the 'Run' box. When the System Configuration Utility opens, go to the 'Startup Tab' and make sure there is a checkmark beside each entry. Then the general tab should have the "normal startup" option checked. REBOOT when asked to by Windows to complete the change.

Panda does require the popup. So you need to allow it. Then you will be able to push the button to start the scan. At the moment Panda is our best help in detecting leftovers. Please try again.
  • 0

#8
mndsm
Posted 24 September 2005 - 08:28 AM

mndsm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Alright, i've done everything I can think of to get the IE button to work and it will not. I downloaded IE 6.0, I shut down ZoneAlarm, I lowered my security settings and restarted at least three different times, and it is not letting that button work in IE. Everything else seems to work fine on that site, just not that one. Is there anything else I can do? I also did the auto-startup as you asked, in the msconfig thing. Did something get changed when I was in safe mode that prevented it from working correctly? I am at a loss on this one.....
  • 0

#9
g2i2r4
Posted 24 September 2005 - 02:03 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Reset your security (we don't want any more trouble). Let's use another scanner.

Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")
  • 0

#10
mndsm
Posted 24 September 2005 - 09:02 PM

mndsm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ewido report:

+ Created on: 9:59:10 PM, 9/24/2005
+ Report-Checksum: B3237FA1

+ Scan result:

C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Ignored
HKLM\SOFTWARE\Classes\CLSID\{7C559105-9ECF-42b8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{C398F337-51D5-40C3-AA3B-684E833D8888} -> Spyware.eAcceleration : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/istactivex.dll -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\tom larson@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\tom larson@specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\tom [email protected][2].txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
C:\WINDOWS\system32\Skccfb.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\dun.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\5kmd0gnf.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\v3.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\bsx32 -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TV1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\XTFL2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ADVC5.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\AUTOS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ADVCTX2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ADBN1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMP1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\INK1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EDU1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\DEBT1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\DATE3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\DENT1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\BID1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\BingoRoom1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\HEAL2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\CASH2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\CARD2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\OPPR2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EML1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\MORT1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\MOVS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\NEWS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SHOP1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\WOMEN1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\FINC3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EXPE1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\JOBS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\DRUG3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\PENIS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\HGH2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\FLWR1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\HOMES2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\GIFT1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\INSUR3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\CARS3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\mm63.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\stubinstaller6282.exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\exe82.exe -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\876029.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\la0e7t6r.exe -> Adware.SAHA : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Tom Larson\Application Data\Mozilla\Firefox\Profiles\s3xnvxoc.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\180searchassistant\sais.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\SurfAccuracy\SAccU.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP974\A0075468.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1038\A0085165.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1042\A0144550.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1042\A0146547.ocx -> TrojanDownloader.VB.ov : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1042\A0146549.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1047\A0169776.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1047\A0173778.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1048\A0176789.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1048\A0178789.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1050\A0185806.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1051\A0192808.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1051\A0192810.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1052\A0195814.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1058\snapshot\MFEX-1.DAT -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1058\snapshot\MFEX-3.DAT -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1058\snapshot\MFEX-4.DAT -> Spyware.AdMir : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1058\snapshot\MFEX-5.DAT -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1058\snapshot\MFEX-20.DAT -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1058\snapshot\MFEX-24.DAT -> Spyware.AdMir : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1058\A0210886.dll -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1058\A0210887.dll -> Spyware.AdMir : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1045\A0153575.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1045\A0158778.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1046\A0160750.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1046\A0162751.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1046\A0163752.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1046\A0164754.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1046\A0164764.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1046\A0165763.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1053\A0198821.exe -> TrojanDropper.Small.aeq : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1053\A0198823.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1053\A0199828.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0203886.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0204897.exe -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0204914.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0204915.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0204916.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0204917.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0204919.EXE -> Spyware.HelpExpress : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0204921.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0205884.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0208884.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0210119.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0210120.exe -> Spyware.PowerScan : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0210123.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0210124.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0210125.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0210126.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1057\A0210127.dll -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1062\A0233807.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1062\A0233808.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1062\A0233809.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1063\A0234205.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP1063\A0234206.exe -> Spyware.SurfAccuracy : Cleaned with backup
:mozilla.11:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.21:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.27:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.28:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.29:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.31:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.32:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.64:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.65:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.81:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.82:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.83:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.84:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.85:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.86:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.87:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.88:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.89:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.90:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.105:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.110:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.111:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.112:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.113:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.114:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.115:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.126:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.127:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.130:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.131:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.132:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.134:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.135:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.136:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.137:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.141:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.142:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.143:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.144:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.145:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.146:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.147:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.148:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.149:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.154:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.155:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.156:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.157:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.158:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.159:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.160:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.161:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.162:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.163:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.164:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.165:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.166:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.167:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.168:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.169:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.170:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.171:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.172:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.173:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.174:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.175:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.176:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.177:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.178:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.179:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.180:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.181:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.182:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.183:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.184:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.185:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.186:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.187:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.188:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.189:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.190:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.191:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.192:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.218:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.229:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.237:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.445:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.450:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.451:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.452:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.453:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.454:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.465:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.468:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.469:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.474:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.490:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.492:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.498:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.499:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.503:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.507:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.508:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.509:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.510:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.515:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.516:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.517:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.538:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.560:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.561:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.562:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.563:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.564:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.565:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.605:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.606:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.614:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.619:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.637:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.645:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.646:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.647:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.672:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.673:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.674:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.675:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.676:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.677:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.678:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.679:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.680:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.681:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.695:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.696:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.703:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.711:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.720:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.721:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.722:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.723:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.724:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.735:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.753:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.754:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.757:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.759:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.763:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.764:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.779:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.781:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.782:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.796:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.800:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.803:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.816:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.818:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.819:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.820:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.821:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.822:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.823:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.824:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.825:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.826:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.827:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.828:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.832:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.835:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.838:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.839:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.846:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.847:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.878:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Inet-cash : Cleaned with backup
:mozilla.879:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Inet-cash : Cleaned with backup
:mozilla.880:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.893:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.894:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.895:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.896:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.897:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.905:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.915:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.932:C:\FOUND.004\FILE0000.CHK -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.8:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.10:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.12:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.20:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.21:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.43:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.44:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.48:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.55:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.56:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.57:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.58:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.60:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.62:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.63:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.72:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.73:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.74:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.90:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.91:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.94:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.95:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.101:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.102:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.103:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.104:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.113:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.117:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.118:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.119:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.120:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.121:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.122:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.123:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.124:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.135:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.136:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.137:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.139:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.140:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.141:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.142:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.143:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.144:C:\FOUND.026\FILE0001.CHK -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\tmp.exe -> Spyware.WinAD : Cleaned with backup
C:\!Submit\mappedpc.exe -> Backdoor.Rbot : Cleaned with backup


::Report End

HJT report:


Scan saved at 10:00:37 PM, on 9/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Tom Larson\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.everythin....org/zango.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Microsoft Mapped PC] mappedpc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} (Courier52 Control) - http://courier.sigab...riercontrol.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c18.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

I think we are getting close. The problem is the other person in the house had to have her pc totally redone and has a tendency to try and use mine and complain when it doesn't work. This sucker was fine before she got a hold of it....

Again, thank you so much. It's nice to have my rig back to limping along at least.
  • 0

Advertisements

#11
g2i2r4
Posted 25 September 2005 - 08:01 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
'back to limping' you say, doesn't sound good yet...

Can you rerun Ewido in safe mode this time. Let it remove all it finds.

Reboot afterwards and let me know how things are now.
  • 0

#12
mndsm
Posted 25 September 2005 - 09:44 PM

mndsm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I think it's finally whole..... it boots super fast, it runs well, and it has not eaten anything in recent memory. Now if Winamp works, I am golden and consider this whole thing a success..... Thank you so much. I will donate as soon as I have the cash. You guys saved me.
  • 0

#13
g2i2r4
Posted 26 September 2005 - 03:10 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Nice to hear we are nearly done. Do you want me to see if I can help you on the winamp problem?
  • 0

#14
mndsm
Posted 27 September 2005 - 11:38 AM

mndsm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Well, I got Winamp to work. But something else is severly wrong with it.... I think it's hardware this time. I am actually on the other PC in the gouse, as it recently got a new life as well. My problem this time is like this.....

It has power, but the power button on the front of it will not light and I cannot get any sort of response out of the PC. When I hit the hard switch on the back of it, the power supply turns on and it sounds like it is going to fire... but then nothing.

I did have an error a bit ago that said windows was unable to start normally, and asked what I wished to do. I booted it from the last time windows worked, or so it claimed, and everything was fine. But now, I try to start it and it will do nothing. Any ideas?
  • 0

#15
g2i2r4
Posted 27 September 2005 - 12:22 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I must admit I'm no tech.

I guess it's best to post a topic in the hardware section. We have a whole bunch of very capable techs on board.

It would cloud this topic to ask them to jump in.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP