[lissener]

Hi--

I'm a non-geek. Well, semi; I've been working on computers for 10 years, but as a graphic designer. I have very little experience troubleshooting serious issues.

In ten years on the Internet, I've never had a single virus, and I've been very good at managing my spyware. But this "The Best Offers" nightmare has me ready to throw everything out the window and limit my design work to stone tablets.

In my desperation to get rid of this, I've done a couple of stupid things, which seem to have made things worse. I've been using Mozilla for a long time now, and don't use IE at all. So, after trying everything I could to get rid of TBO--yes, I downloaded their uninstall, but it didn't work--I tried trashing my IE.

Meanwhile, I finally heard back from TBO, after asking them for help removing their software. All I can get from them is "go into IE, Tools"--etc. I don't have IE anymore to go into Tools.

Am I screwed? do I have to reinstall my entire system now? I'm a graphics person so it will take me WEEKS to backup all my files, if I have to do that first.

On top of which, I bought a new Dell last year but then went into the hospital for several months. It ended up being almost a year before I took it out of the box. When I finally set it up I found that that CD burner I had paid for was not in place. By now, I'm past warranty, so it may be too late to do anything about it. So I'll have to get that fixed first, before I can back up my files.

So having painted myself into this corner in the first place, is TBO just some kind of demonic last straw that has stuck a fork in my system? SHOULD I just throw it out the window at this point?

[Advertisements]

Hi lissener and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

• Click on My Controls at the top right hand corner of the window.
  
• In the left hand column, click "View Topics"
  
• If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

• Run HijackThis
  
• Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  
• POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

[Trevuren]

Hi lissener and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

• Click on My Controls at the top right hand corner of the window.
  
• In the left hand column, click "View Topics"
  
• If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

• Run HijackThis
  
• Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  
• POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

[lissener]

I'm sorry to be so dense about this, but my McAfee won't let me install the HJT, and I can't figure out a way around it.

[Trevuren]

Please try these :

Here are a couple of steps to try and run HijackThis. Follow them in order. If one step doesn't work, continue to the next step:

Step # 1

Rename HijackThis.exe to H.exe. Try a scan. If it works, post the log back here. If not, proceed to the next step.

Step # 2

Go to this link and download the 1.98 version of HijackThis.exe:

http:/www.tomcoyote.org/hjt/

Try a scan. If it works, post the log back here. If not, proceed to the next step.

Step # 3

Click here and download Itty Bitty Process Manager (IBProcMan.zip): http://www.merijn.or...s/ibprocman.zip .

Unzip it to it's own directory and try running it - it will provide a 'taskmanager' like process viewer in which you can stop running processes. Don't stop any yet, just list all that it has so I can check them and give advice. Post the list back here.



Regards,

Trevuren

Edited by Trevuren, 08 October 2005 - 09:42 AM.

[lissener]

Please try these :

Here are a couple of steps to try and run HijackThis. Follow them in order. If one step doesn't work, continue to the next step:

Step # 1

Rename HijackThis.exe to H.exe. Try a scan. If it works, post the log back here. If not, proceed to the next step.

Did not work; no such file. At least, when I run the install, it isn't allowed to finish to the point where there IS such a file. When I find the HighjackThis folder in Program Files, it contains only an unistall file.

Step # 2

Go to this link and download the 1.98 version of HijackThis.exe:

http:/www.tomcoyote.org/hjt/

Try a scan. If it works, post the log back here. If not, proceed to the next step.

Done, with this result:

Outdated version of HijackThis detected!!

I have the log; is there a trick to posting it? can I insert a character or two to bypass the version screen?

[lissener]

Logfile of HijackThis v1.99.1 <==version number changed to allow posting
Scan saved at 7:32:02 PM, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\thgbyo.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\CHAREL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis-1.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [znoqdcx] C:\WINDOWS\system32\thgbyo.exe r
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

[Trevuren]

BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

1. Download Ewido Security Suite.

2. Download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in.

• Install Ad-Aware using the default options.
• Then install vx2cleaner_inst.exe, using all the defaults there as well.

3. Run Ad-Aware

• Update to the latest definitions
• Then click on Add-ons in the lefthand column.
• Select VX2 Cleaner V2.0 and click Run Tool. Click "OK".
• If something is found, click "Clean" as in the directions given.
• Click "Close", and EXIT Ad-Aware.

4. Reboot your PC and run Ad-Aware again.

• This time, click on the Start button in Ad-Aware
• Select "Perform smart system scan" and click Next.
• Once the scan finishes, click "Next" again.
• Select all objects found ("right click anywhere in the list of found objects and click "Select All Objects").
• Click "Next" one more time, then "OK" to confirm the removal.
• You will be prompted to set Ad-Aware to run on reboot, click "OK".
• Exit Ad-Aware
• REBOOT your PC
• When Ad-Aware starts up, click on "Start", then "Next".
• Follow the steps above if anything is found, or click "Finish", then EXIT Ad-Aware.

5. For a final cleanup, please install and run Ewido.

• When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
• From the main ewido screen, click on update in the left menu, then click the Start update button.
• After the update finishes (the status bar at the bottom will display "Update successful")
• Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
• If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
• When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

6. Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

Regards,

Trevuren

[lissener]

K, here's the HT log:

Logfile of HijackThis v1.99.1 <== NOT
Scan saved at 12:57:29 AM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\DOCUME~1\CHAREL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis-1.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

[lissener]

--and this is the Ewido log:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:52:30 AM, 10/8/2005
+ Report-Checksum: DDCF5D97

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C505A6B-124B-4768-8FD3-1A066C839848} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C505A6B-124B-4768-8FD3-1A066C839848}\TypeLib\\ -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
HKU\S-1-5-21-3309433966-1824912880-749991559-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-C1EC-0345-6EC2-4D0300000000} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-21-3309433966-1824912880-749991559-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3309433966-1824912880-749991559-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
HKU\S-1-5-21-3309433966-1824912880-749991559-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-3309433966-1824912880-749991559-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3309433966-1824912880-749991559-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-3309433966-1824912880-749991559-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-3309433966-1824912880-749991559-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
[388] C:\WINDOWS\system32\xmrutqa.exe -> Trojan.Agent.cp : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.502:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.517:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.521:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.522:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.523:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.529:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.556:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.567:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.568:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.572:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.573:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.576:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.579:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.589:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.600:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.603:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.621:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.639:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.640:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.641:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.642:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.647:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.657:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.658:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.659:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.699:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.700:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.701:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.702:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.703:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.727:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.728:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.735:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.736:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.762:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.764:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.765:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.766:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.767:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.769:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.770:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.772:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.802:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.804:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.805:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.807:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.808:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.810:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.840:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.893:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Oewabox : Cleaned with backup
:mozilla.897:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.898:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.903:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.904:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.905:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.906:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.907:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.916:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.917:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.918:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.919:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.920:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\5o5g3nm7.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Charely Cvercko\Application Data\Mozilla\Firefox\Profiles\bhmovlzi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\

[Trevuren]

1. Please DELETE your current HJT program from its present location.

2. Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

3. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

• First we need to make all files and folders VISIBLE:
  
  • Go to start>control panel>folder options>view (tab)
  • Choose to "show hidden files and folders,"
  • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
  • Close the window with ok
• Please RUN HijackThis.
  . Click the SCAN button to produce a log.
  
  
• Place a check mark beside each one of the following items:
  
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
  R3 - Default URLSearchHook is missing
  F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
  O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
  O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
  O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
  O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  
  
• Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
  
  
• Reboot Your System in Safe Mode
  
  How to use the F8 method to Start Your Computer in Safe Mode
  
  
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe mode menu item
  • Press Enter.
• Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):
  
  C:\WINDOWS\Nail.exe<==This may not delete and we will have to use another method of getting rid of it.
  
  
• Exit Explorer, and REBOOT BACK INTO NORMAL MODE
  
  
• Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,

Trevuren

[lissener]

WAIT!

Tried one more thing, after posting this. Log in next post.

1. Please DELETE your current HJT program from its present location.

2. Download and run the following HijackThis autoinstall program from Here .  Please choose the default location of C:\Program Files\ as the destination.  HJT needs to be in its own folder so that the program itself isn't deleted by accident.  Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

Well, it still won't let me do that. Here’s what I get:

C:\Program Files\Hijackthis\Hijackthis\HijackThis.exe

An error occurred while trying to rename a file in the distination directory:
MoveFile failed; code 5.
Access is denied.

Click Retry to try again, Ignore to skip this file (not recommended), or Abort to cancel installation.

Retry gets me the same thing; Abort gets me nothing; and Ignore gets me:

Unable to execute file:
C:\Program Files\Hijackthis\Hijackthis\HijackThis.exe

Creat Process failed; code 2.
The system cannot find the file specified.

3. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

• First we need to make all files and folders VISIBLE:
  [list]
  
  
• Go to start>control panel>folder options>view (tab)
  
  
• Choose to "show hidden files and folders,"
  
  
• Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
  
  
• Close the window with ok

[*] Please RUN HijackThis.

It still wouldn’t let me do this, until I restarted in Safe mode, as Administrator.

. Click  the SCAN button to produce a log.
[*] Place a check mark beside each one of the following items:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

These first three boxes are not there.

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN

The O2s are there; the O8 is not.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
[*] Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button.  Close the HijackThis window.
[*] Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode

• Restart the computer.
  
  
• As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  
  
• Use the arrow keys to select the Safe mode menu item
  
  
• Press Enter.

[*]Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

C:\WINDOWS\Nail.exe<==This may not delete and we will have to use another method of getting rid of it.
[*]Exit Explorer, and REBOOT BACK INTO NORMAL MODE
[*] Finally, RUN Hijackthis again and produce a new HJT log.  Post it in the forum so we can check how everything looks now.

Can’t run Hijack in Normal, because I can’t install it except in Administrator mode, and I don’t know how to get to Admin mode except in safe mode. I tried navigating to the Admin desktop in explorer and opening it that way, but I didn’t have “permissions.”

Edited by lissener, 08 October 2005 - 05:13 PM.

[lissener]

Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:09:25 PM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LavasoftStartupCleaner - C:\WINDOWS\vx2cleaner.dlx (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

[Trevuren]

I love it when a plan comes together

Because your system appears to be in need of repair, we will have to try different things to get rid if the infection.

We want to stop, disable and delete an added service (023)

A. To stop a service and set to 'disabled'

• Go to Start > Run and type in Services.msc then click OK
  
• Click the Extended tab.
  
• Scroll down until you find the service.
  ===>System Startup Service
  
• Click once on the service to highlight it.
  
• Click Stop
  
• Right-Click on the service.
  
• Click on 'Properties'
  
• Select the 'General' tab
  
• Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
  
• From the drop-down menu, click on 'Disabled'
  
• Click the 'Apply' tab, then click 'OK'

The service is now stopped and disabled.


B. We will now delete the service:

1. Open HJT

2. Click on Config>>Misc Tools>>Delete an NT Service

3. Copy/Paste SvcProc in the space provided and click OK

4. The program will ask you to REBOOT --- Accept

5. REBOOT into SAFE MODE

6. Using Windows Explorer, locate and DELETE the following file (if it still is present):

C:\WINDOWS\svcproc.exe

7. REBOOT back into Normal Mode

8. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

[lissener]

Because (apparently) of McAfee, I can only run HJT in Safe mode. So where you instructed me to reboot in Normal, then run HJT, I had to stray from the letter of your instructions, and do so in Safe mode. In case that's relevant.

So here, the log generated when I rant HJT in Safe mode:


Logfile of HijackThis v1.99.1
Scan saved at 4:45:25 PM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LavasoftStartupCleaner - C:\WINDOWS\vx2cleaner.dlx (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

[Trevuren]

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download Killbox here: http://www.downloads...org/KillBox.exe and put it on your desktop

Open Killbox

Check the following boxes:

Standard File Kill
End Explorer Shell While Killing file

Copy & paste the full path of the file below into the Killbox topmost box.

C:\WINDOWS\Nail.exe

With the full path to the file name in the topmost textbox, Click the Red X ...and for the confirmation message that will appear, you will need to click Yes

The file may not delete

If the file isn't deleted, use killbox to delete it as follows:

Open Killbox

Check the following boxes:

Delete on Reboot

With the full path to the file name in the topmost textbox. Click the Red X ...and for the confirmation message that will appear, you will need to click Yes

A second message will ask to Reboot now? you will need to click Yes


Note: Killbox will let you know if the file does not exist.

After the reboot scan with hijackthis and fix the following if they are still listed

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Reboot and Post a new hijackthis log.

Note:You may have to repeat the above procedures a couple of times before being successfull. Nail is a hard nut to crack.

Regards,

Trevuren