Can someone help me?

Discussion in 'Windows - Virus and spyware problems' started by frnresq, Oct 10, 2006.

Page 1 of 2
  1. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    I followed steps you gave in other threads and here is the info from HjT and Ewido.

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:17:53 AM 10/10/2006

    + Scan result:



    C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\New.net Startup -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2000478354-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2000478354-688789844-725345543-1003\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\jkkighi.dll -> Adware.Virtumionde : Cleaned with backup (quarantined).
    C:\Documents and Settings\Shane Farr\Local Settings\Temp\Rar$EX00.125\snd-acousticacdlabelmaker2.55.keygen\keygen.exe -> Backdoor.Pakes : Cleaned with backup (quarantined).
    D:\Program Files\My Shared Folder\Acousticacdlabelmaker2.55.keygen.rar/snd-acousticacdlabelmaker2.55.keygen/keygen.exe -> Backdoor.Pakes : Error during cleaning.
    C:\23100247.exe -> Downloader.Small.dqp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Shane Farr\Local Settings\Temp\crbrplin.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
    C:\Documents and Settings\Shane Farr\Local Settings\Temp\jjmblnir.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@e-2dj6wfk4cpd5ccq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@e-2dj6wflokkdpkbq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@e-2dj6wjlyqkdjohq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@c1.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Shane Farr\Cookies\shane farr@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\WINDOWS\system32\gbethlns.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\gfnrtcfa.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).


    ::Report end

    Logfile of HijackThis v1.99.1
    Scan saved at 5:29:47 AM, on 10/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Webroot\Accelerate\accelerate.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    D:\HjT\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\gbethlns.dll (file missing)
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: (no name) - {F6757C82-AFFC-467E-BCC5-5C6AD2877CD9} - C:\WINDOWS\system32\pmkhi.dll
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Accelerate] "C:\Program Files\Webroot\Accelerate\accelerate.exe" /S
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    Any help would be appreciated...THX
     
    frnresq, Oct 10, 2006
    #1
  2. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    Please download Vundofix.exe to your desktop http://www.atribune.org/ccount/click.php?id=4

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will reboot your computer, click OK.
    Please post the contents of C:\vundofix.txt and a fresh HijackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
     
    maca1, Oct 10, 2006
    #2
  3. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    Ok, just got home from work and ran both and here is the results:


    VundoFix V6.2.1

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 4:55:05 PM 10/10/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\system32\ihkmp.ini
    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\ihkmp.bak2
    C:\WINDOWS\system32\qckaowfd.dll
    C:\WINDOWS\system32\unaoakg.dll
    C:\WINDOWS\system32\pvslfqyl.exe
    C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\system32\ihkmp.ini
    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\ihkmp.bak2
    C:\WINDOWS\system32\ihkmp.ini
    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\ihkmp.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\system32\pmkhi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ihkmp.ini
    C:\WINDOWS\system32\ihkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\ihkmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ihkmp.bak2
    C:\WINDOWS\system32\ihkmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qckaowfd.dll
    C:\WINDOWS\system32\qckaowfd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\unaoakg.dll
    C:\WINDOWS\system32\unaoakg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pvslfqyl.exe
    C:\WINDOWS\system32\pvslfqyl.exe Has been deleted!

    Performing Repairs to the registry.
    Done!



    Logfile of HijackThis v1.99.1
    Scan saved at 5:02:02 PM, on 10/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Webroot\Accelerate\accelerate.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\HjT\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\gbethlns.dll (file missing)
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: (no name) - {F6757C82-AFFC-467E-BCC5-5C6AD2877CD9} - C:\WINDOWS\system32\pmkhi.dll (file missing)
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Accelerate] "C:\Program Files\Webroot\Accelerate\accelerate.exe" /S
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    Thank You
     
    frnresq, Oct 10, 2006
    #3
  4. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    Go to add/remove programs and remove:

    [bold]VSToolbar[/bold]

    Download
    http://www.ccleaner.com/

    Install.
    Deselect the Yahoo Toolbar if you don't need it.
    Start CCleaner.
    Click on the "Options" icon at the left side of the window, then click on "Advanced."
    Deselect "Only delete files in Windows Temp folders older than 48 hours".
    Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
    After CCleaner has completed, click Exit.


    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm
    Save the results from the scan when it finishes

    Paste the Panda report with a new hijackthis log here.
     
    Last edited: Oct 10, 2006
    maca1, Oct 10, 2006
    #4
  5. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    wont let me uninstall VSToolbar....a window pops up and then disappears. Am i doing something wrong?
     
    frnresq, Oct 10, 2006
    #5
  6. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    Click [bold]Start -> Run[/bold]
    Type [bold]appwiz.cpl[/bold] in the open box.

    search the list for it and then click remove.
    If that's what you've already done, just continue on.

     
    maca1, Oct 10, 2006
    #6
  7. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    Panda Report and new HjT:


    Incident Status Location

    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\pmkhi.dll.bad
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\pvslfqyl.exe.bad
    Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\qckaowfd.dll.bad
    Virus:Trj/DisableKey.A Disinfected C:\VundoFix Backups\unaoakg.dll.bad
    Adware:adware/winprotect Not disinfected C:\WINDOWS\balloon.wav
    Logfile of HijackThis v1.99.1
    Scan saved at 7:29:24 PM, on 10/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Webroot\Accelerate\accelerate.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    D:\HjT\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\gbethlns.dll (file missing)
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: (no name) - {F6757C82-AFFC-467E-BCC5-5C6AD2877CD9} - C:\WINDOWS\system32\pmkhi.dll (file missing)
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Accelerate] "C:\Program Files\Webroot\Accelerate\accelerate.exe" /S
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

     
    frnresq, Oct 10, 2006
    #7
  8. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    Run Hijackthis and click Do a system scan only. place a check beside

    [bold]O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll (file missing)
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\gbethlns.dll (file missing)
    O2 - BHO: (no name) - {F6757C82-AFFC-467E-BCC5-5C6AD2877CD9} - C:\WINDOWS\system32\pmkhi.dll (file missing)
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)[/bold]

    Click Fix Checked

    Go to My Computer -> Tools -> Folder Options -> View tab -> Select Show Hidden Files and Folders.

    Find and delete these in bold if still there:

    C:\WINDOWS\[bold]balloon.wav [/bold] <--file

    C:\Program Files\[bold]VSToolbar[/bold]\ <---folder

    C:\[bold]VundoFix Backups[/bold]\ <---folder

    post another hijackthis log
     
    maca1, Oct 10, 2006
    #8
  9. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    New HjT:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:53:57 PM, on 10/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Webroot\Accelerate\accelerate.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    D:\HjT\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Accelerate] "C:\Program Files\Webroot\Accelerate\accelerate.exe" /S
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

     
    frnresq, Oct 10, 2006
    #9
  10. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    Log's clean. How are things? Hide your system files and folders again the same way.

    System Restore

    Turn off System Restore:
    click Start.
    Right-click My Computer, and then click Properties.
    On the System Restore tab, check Turn off System Restore
    Click Apply and Ok

    Turn back on System Restore:
    click Start.
    Right-click My Computer, and then click Properties.
    On the System Restore tab, uncheck Turn off System Restore.
    Click Apply and Ok
    This will create a new clean restore point.
     
    Last edited: Oct 11, 2006
    maca1, Oct 11, 2006
    #10
  11. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    everything is running fine now. i appreciate all the help you gave me. Thanks again.
     
    frnresq, Oct 11, 2006
    #11
  12. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    You're welcome.
     
    maca1, Oct 11, 2006
    #12
  13. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    Maca1 can you help me with my wifes PC?

    Ewido:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 3:24:25 PM 10/11/2006

    + Scan result:



    C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Adware.Comet : Cleaned with backup (quarantined).
    C:\Program Files\eZula -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\INSTALL.LOG -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Layer_Bottom.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Layer_Center.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Layer_Top.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Follow_Left.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Follow_Off.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Follow_On.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Follow_Right.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Follow_divider.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Top.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Side_B.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Side_L.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Side_R.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Side_Top.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\arrow1.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\arrow2.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\button_small.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\icon.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\new.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\spacer.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\UNWISE.EXE -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\backup.tmp -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\basis.dst -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\basis.kwd -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\basis.pu -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\basis.pu.dyn -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\basis.rst -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\eabh.dll -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\genun.ez -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\legend.lgn -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\param.ez -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\rwds.rst -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\search.src -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\upgrade.vrn -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\version.vrn -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\wndbannn.src -> Adware.eZula : Cleaned with backup (quarantined).
    C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup (quarantined).
    C:\WINDOWS\iLookup\TTIL.exe -> Adware.eZula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\eZulaBootExe.EXE -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\eZulaMain.EXE -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.IEObject -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.IEObject.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.IEObject\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.IEObject\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.ToolBarBand -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.ToolBarBand.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.ToolBarBand\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eZula -> Adware.Ezula : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\eZula -> Adware.Ezula : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\eZula\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\eZula\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\eZula\Setup\path -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Gator.com -> Adware.Gator : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Gator.com\Gator -> Adware.Gator : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Gator.com\Gator\dyn -> Adware.Gator : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Gator.com\Gator\stat -> Adware.Gator : Cleaned with backup (quarantined).
    C:\Program Files\FileSubmit\Charmed Women\nnez_388.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\images -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchMatch\searchMatchPages -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\Setup.exe -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\StarwareConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\StarwareUninstall.exe -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\bin -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\bin\Starware.dll -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\brand.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\icons -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\icons\star_16.ico -> Adware.Starware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{CA356D79-679B-4b4c-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA356D79-679B-4b4c-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Starware\Options -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Starware\OriginalSearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Starware\OriginalURLSearchHooks -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Starware\SearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@e-2dj6wgkywicpskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@ehg-wsseurope.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@starware[1].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    I DL'd HjT and tried to install and got this msg:
    "This application has failed to start because MSVBVM60.DLL was not found. Re-installing the application may fix this problem."
     
    frnresq, Oct 11, 2006
    #13
  14. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    Maca1 can you help me with my wifes PC?

    Ewido:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 3:24:25 PM 10/11/2006

    + Scan result:



    C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Adware.Comet : Cleaned with backup (quarantined).
    C:\Program Files\eZula -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\INSTALL.LOG -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Layer_Bottom.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Layer_Center.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Layer_Top.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Follow_Left.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Follow_Off.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Follow_On.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Follow_Right.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Follow_divider.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Top.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\PopUp_Top_Bottom.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Side_B.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Side_L.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Side_R.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\Side_Top.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\arrow1.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\arrow2.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\button_small.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\icon.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\new.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\Images\spacer.gif -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\UNWISE.EXE -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\backup.tmp -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\basis.dst -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\basis.kwd -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\basis.pu -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\basis.pu.dyn -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\basis.rst -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\eabh.dll -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\genun.ez -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\legend.lgn -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\param.ez -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\rwds.rst -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\search.src -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\upgrade.vrn -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\version.vrn -> Adware.eZula : Cleaned with backup (quarantined).
    C:\Program Files\eZula\wndbannn.src -> Adware.eZula : Cleaned with backup (quarantined).
    C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup (quarantined).
    C:\WINDOWS\iLookup\TTIL.exe -> Adware.eZula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\eZulaBootExe.EXE -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\eZulaMain.EXE -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.PlugProt\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaAgent.eZulaCtrlHost\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaBootExe.InstallCtrl\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.ResultHelper\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.SearchHelper\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaCode\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaHash\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.TrayIConM\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EZulaMain.eZulaSearchPipe\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.IEObject -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.IEObject.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.IEObject\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.IEObject\CurVer -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.ToolBarBand -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.ToolBarBand.1 -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\eZulaAgent.ToolBarBand\CLSID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eZula -> Adware.Ezula : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\eZula -> Adware.Ezula : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\eZula\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\eZula\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\eZula\Setup\path -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Gator.com -> Adware.Gator : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Gator.com\Gator -> Adware.Gator : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Gator.com\Gator\dyn -> Adware.Gator : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Gator.com\Gator\stat -> Adware.Gator : Cleaned with backup (quarantined).
    C:\Program Files\FileSubmit\Charmed Women\nnez_388.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\images -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\SearchMatch\searchMatchPages -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\Setup.exe -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\StarwareConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\StarwareUninstall.exe -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\bin -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\bin\Starware.dll -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\brand.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\icons -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Program Files\Starware\icons\star_16.ico -> Adware.Starware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{CA356D79-679B-4b4c-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA356D79-679B-4b4c-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Starware\Options -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Starware\OriginalSearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Starware\OriginalURLSearchHooks -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-515967899-1957994488-1801674531-1003\Software\Starware\SearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@e-2dj6wgkywicpskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@ehg-wsseurope.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@starware[1].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Tammy Farr\Cookies\tammy farr@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    I DL'd HjT and tried to install and got this msg:
    "This application has failed to start because MSVBVM60.DLL was not found. Re-installing the application may fix this problem."
     
    frnresq, Oct 11, 2006
    #14
  15. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    sorry ...didnt mean to double post
     
    frnresq, Oct 11, 2006
    #15
  16. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    maca1, Oct 11, 2006
    #16
  17. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    still saying missing that DLL, wont run
     
    frnresq, Oct 11, 2006
    #17
  18. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    ok...got it working...HjT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:48:33 PM, on 10/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    D:\HJT\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...3YcNxj9Rp712hYJKcXtZ8hgl2wrQTVcgaF5cpTdpRZMyl
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

     
    frnresq, Oct 11, 2006
    #18
  19. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
    Go to add/remove programs and remove : (if there)

    [bold]Ezula[/bold]

    Do a system scan only and place a check beside:

    [bold]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1I...cgaF5cpTdpRZMyl
    R3 - URLSearchHook: (no name) - - (no file)
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe [/bold]

    make sure all other windows are closed including your browser before clicking Fix checked.


    Find and delete this folder in bold (if still there:

    C:\Program Files\[bold]ezula[/bold]\


    Click here to download ATF Cleaner by Atribune and save it to your desktop.

    http://majorgeeks.com/ATF_Cleaner_d4949.html


    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.


    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm
    When the scan is finished, save the results from the scan


    Post new Hijackthis log and the Activescan results
     
    maca1, Oct 11, 2006
    #19
  20. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    Panda and HjT:


    Incident Status Location

    Adware:Adware/Comet Not disinfected C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe
    Adware:Adware/Comet Not disinfected C:\Program Files\Screensavers.com\Installer\temp\pltbinst.exe["Starware.dll"]
    Adware:adware/ezula Not disinfected C:\WINDOWS\eZinstall.exe
    Adware:Adware/eZula Not disinfected C:\WINDOWS\system32\ezstub.exe
    Virus:Bck/Optix.BZ Disinfected D:\RECYCLER\S-1-5-21-329068152-2052111302-725345543-1003\Dd6\RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0 ( OK! ).zip[RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0/RealOnePlayer.exe]
    Adware:Adware/Comet Not disinfected D:\sinstaller.exe
    Logfile of HijackThis v1.99.1
    Scan saved at 5:55:54 PM, on 10/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    D:\HJT\HijackThis.exe

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

     
    frnresq, Oct 11, 2006
    #20
Page 1 of 2

Share This Page