[dopeysang]

I have tried using my Nortan Anti-virus, and it has about 15 files. But for some reason, It couldn't delete. Spyware Doctor & SpyBot Search & Destroy deleted the files BUT everytime I scan later on, the file is still there. Same thing with my Ad-Aware, the file keeps showing up. Than, I just did "CleanUp". My computer is like slow sometimes, and when I go on Internet Explorer, I type in the address/URL, it says "Cannot find 'THE URL I TYPED'. Make sure the path or Internet address is correct." I'm pretty sure the address corrects because I have tried, www.google.com and www.yahoo.com. So now, I'm here. I hope someone can help me and I appreciate it. Oh yeah, I'm using Dial-Up, which is called PeoplePC. Here is my HiJackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 5:48:08 PM, on 10/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PeoplePC Accelerated\propelac.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AdsGone\adsgone.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Sang\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.peoplepc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll (file missing)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EFE605B-BC61-7CEB-D559-655504AF2F1A} - C:\WINDOWS\System32\bnkalbpd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: (no name) - {B38CB8D8-A81F-46BE-B487-21B5BBE27643} - C:\WINDOWS\system32\icah.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\PeoplePC Accelerated\propelac.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [won update] wapdate.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zkqvrq] c:\windows\system32\hwnthr.exe r
O4 - HKLM\..\RunServices: [won update] wapdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6.cab
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37...m::/on-line.exe
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc....oad/ppcwebi.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantpl...xDownloader.cab
O18 - Filter: text/html - {934ABE31-0347-48EA-81C5-6514E13EC0E3} - C:\WINDOWS\system32\icah.dll
O20 - Winlogon Notify: iexplorer - C:\WINDOWS\SYSTEM32\iexplorer.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by dopeysang, 20 October 2005 - 07:07 PM.

[Advertisements]

Hi there dopeysang and welcome
Sorry for the delay in response could you post back a fresh HJT log for me please

[don77]

Hi there dopeysang and welcome
Sorry for the delay in response could you post back a fresh HJT log for me please

[dopeysang]

Yeah! I got someone to help me. =D Sure, i can do a FRESH HJT log. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 5:19:50 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PeoplePC Accelerated\propelac.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Sang\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.peoplepc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll (file missing)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EFE605B-BC61-7CEB-D559-655504AF2F1A} - C:\WINDOWS\System32\bnkalbpd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: (no name) - {B38CB8D8-A81F-46BE-B487-21B5BBE27643} - C:\WINDOWS\system32\icah.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\PeoplePC Accelerated\propelac.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [won update] wapdate.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zkqvrq] c:\windows\system32\hwnthr.exe r
O4 - HKLM\..\RunServices: [won update] wapdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6.cab
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37...m::/on-line.exe
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc....oad/ppcwebi.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantpl...xDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88A5C2CE-C230-4D6B-94F1-4CD0A46ED74C}: NameServer = 205.171.3.65 205.171.2.65
O18 - Filter: text/html - {934ABE31-0347-48EA-81C5-6514E13EC0E3} - C:\WINDOWS\system32\icah.dll
O20 - Winlogon Notify: iexplorer - C:\WINDOWS\SYSTEM32\iexplorer.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[don77]

BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, download Ewido Security Suite.

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.

• When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
• From the main ewido screen, click on update in the left menu, then click the Start update button.
• After the update finishes (the status bar at the bottom will display "Update successful")
• Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
• If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
• When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

[dopeysang]

Okay, I'm done Don77. I did everything what you said. ^^ I was surprised there was 242 Infections with the Ewido program & about 56 on Ad-Aware. o.O Jeeze, I don't like my brother on my comp, so many infections. Thanks for you're help so far. =D Here's the new HJL:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:57 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PeoplePC Accelerated\propelac.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\Documents and Settings\Sang\My Documents\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.peoplepc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EFE605B-BC61-7CEB-D559-655504AF2F1A} - C:\WINDOWS\System32\bnkalbpd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: (no name) - {B38CB8D8-A81F-46BE-B487-21B5BBE27643} - C:\WINDOWS\system32\icah.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\PeoplePC Accelerated\propelac.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [won update] wapdate.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [won update] wapdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc....oad/ppcwebi.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantpl...xDownloader.cab
O20 - Winlogon Notify: iexplorer - iexplorer.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

The LOG for Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:22:54 PM, 10/27/2005
+ Report-Checksum: 76D9C1DC

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\IEToolBar.ToolBarImpl\CLSID\\ -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\IEToolBar.ToolBarImpl.1\CLSID\\ -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\PeoplePC.FixedBandBHO\CLSID\\ -> Spyware.BandObjects : Cleaned with backup
HKLM\SOFTWARE\Classes\PeoplePC.FixedBandBHO.1\CLSID\\ -> Spyware.BandObjects : Cleaned with backup
HKLM\SOFTWARE\ISP50RegistryBackup\HKCR\CLSID\{3DE88907-3E38-11D4-BEB2-CBE76C0598DD} -> Spyware.BandObjects : Cleaned with backup
HKLM\SOFTWARE\ISP50RegistryBackup\HKCR\PeoplePC.FixedBandBHO\CLSID\\ -> Spyware.BandObjects : Cleaned with backup
HKLM\SOFTWARE\ISP50RegistryBackup\HKCR\PeoplePC.FixedBandBHO.1\CLSID\\ -> Spyware.BandObjects : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111113456} -> Spyware.TrojanActiveX.A : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{43F02779-6D88-4958-8AD3-83C12D86ADC7} -> Spyware.AdvancedSearchbar : Cleaned with backup
HKU\S-1-5-21-1343024091-1958367476-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-C1EC-0345-6EC2-4D0300000000} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-21-1343024091-1958367476-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
HKU\S-1-5-21-1343024091-1958367476-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{43F02779-6D88-4958-8AD3-83C12D86ADC7} -> Spyware.AdvancedSearchbar : Error during cleaning
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\inzhsud7.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\kqrhhz8d.slt\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Nick\p7uiet28.slt\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Ne : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Sang\Application Data\Mozilla\Firefox\Profiles\xqhrnbmg.Sang\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\info6_s.cab/Information.exe -> Dialer.Generic : Error during cleaning
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\MBKWBar\IEToolBar.dll -> Spyware.MBKWBar : Cleaned with backup
C:\WINDOWS\enhtb.exe -> Trojan.Imiserv.c : Cleaned with backup


::Report End

Edited by dopeysang, 27 October 2005 - 11:34 PM.

[don77]

That did what we wanted it to
Ok lets clean up the rest here,

Make sure you can view all Hidden Files/Folders


Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
O2 - BHO: (no name) - {1EFE605B-BC61-7CEB-D559-655504AF2F1A} - C:\WINDOWS\System32\bnkalbpd.dll (file missing)
O2 - BHO: (no name) - {B38CB8D8-A81F-46BE-B487-21B5BBE27643} - C:\WINDOWS\system32\icah.dll (file missing)
O4 - HKLM\..\Run: [won update] wapdate.exe
O4 - HKLM\..\RunServices: [won update] wapdate.exe
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O20 - Winlogon Notify: iexplorer - iexplorer.dll (file missing)



Next Reboot into SAFE MODE
Search for and delete the Folders/Files highlighted in BOLD

wapdate.exe <--This will likely be sitting in your system32 folder


Restart your computer, Post back a fresh log please

[dopeysang]

Umm, I can't find the wapdate.exe. When I went on safemode, I went to my system32 folder, and i can't find it. Then, I used the search and I still can't find it. x]

But.. Here's the HJT log though.

Logfile of HijackThis v1.99.1
Scan saved at 2:56:25 PM, on 10/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PeoplePC Accelerated\propelac.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Sang\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.peoplepc.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\PeoplePC Accelerated\propelac.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - http://www.peoplepc....oad/ppcwebi.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantpl...xDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88A5C2CE-C230-4D6B-94F1-4CD0A46ED74C}: NameServer = 205.171.3.65 205.171.2.65
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[don77]

Nice job your log is clean !
How is it running ?
Please use the following suggestion to help prevent reinfection

*Be sure and rehide your hidden Files/Folder*
Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading uncheck Show hidden files and folders.

Check the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep AD-Aware. and Spybot 1.3 handy, Check them for updates prior to running and run them weekly
Same with your Anti Virus,

For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
Click Start | Run | type in cleanmgr | OK

Let it scan your system for files to remove.

Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.

Press OK to remove them.


Remeber to Check Windows for updates

Probably a good time to create a new restore point See Here for XP

See Here for ME Name it clean or something like that,

[dopeysang]

It's running FINE. I can finally GO TO SITES on IE. Thank you so much for you're time to help me. =] I have Spyware Blaster but I don't get how it's used. I had it quite a long time when I was tryin to get rid of my virus/trojan/malware/spyware/etc. I don't get how it's used or HOW to use it. I'll do as you say. Thanks in ADVANCE! =D

[don77]

Did you install and check it for updates,, I sniped this from an article of Tony Klein's,

It will protect you from most spy/foistware in it's database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

So basivally once its installed, your job is to check for updates weekly download the if any and thats it spywareblaster does the rest

[don77]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.