1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Here's My Hijack Log....sysprotect etc... can anyone provide me some guidance. =)

Discussion in 'Windows - Virus and spyware problems' started by Lucienck, Apr 9, 2006.

  1. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    @vghelich

    You're welcome =)

    -------------------------------------------------------------------------------------

    @ALATONY

    You don't have a firewall on your computer. Download and install one firewall.

    These are good (free) firewalls:
    ZoneAlarm --> http://www.zonelabs.com
    Kerio--> http://www.sunbelt-software.com/Kerio.cfm
    Outpost-> http://www.agnitum.com

    Then you have 3 different antiviruses running at the same time! This is not recommended (May cause slowdowns, freezes, crashes etc.)
    So you should uninstall two (2) of them.

    Go to Control Panel -> Add/Remove Programs -> Remove 2 (two) of these and leave one:
    - AVG Antivirus
    - Antivir Personal
    - Norton Antivirus

    Cleaning instructions:

    Move HijackThis into its own folder C:\HJT

    Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    Post a new HjT log.

    And you have many unnecessary processes running, do you want that we take those off and free your memory?
     
    Last edited: May 1, 2006
  2. ALATONY

    ALATONY Regular member

    Joined:
    Jul 23, 2004
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    26
    I'm working on what you said and pls help me free up my memory. I'll post when done thankx.
     
  3. ALATONY

    ALATONY Regular member

    Joined:
    Jul 23, 2004
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    26
    I downloaded a free firewall.


    Logfile of HijackThis v1.99.1
    Scan saved at 7:54:32 PM, on 5/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
    C:\Documents and Settings\Owner\Desktop\AnyDVD\AnyDVD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AS3 Personal Firewall\AS3PF.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://earthlink.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [AnyDVD] "C:\Documents and Settings\Owner\Desktop\AnyDVD\AnyDVD.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\Owner\LOCALS~1\Temp\delus.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141821693640
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145545939250
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

     
  4. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Hi ALATONY.

    You got a new infection...

    Cleaning instructions:

    Move HijackThis into its own folder C:\HJT

    Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/
    We'll use this later.

    Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
    Do NOT run yet.

    Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

    O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\Owner\LOCALS~1\Temp\delus.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

    Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

    Run ATF Cleaner -> Check select all -> Press Empty selected

    Scan and clean your computer with Ewido and save the log file.

    Restart your computer normally.

    Post a fresh HijackThis log and Ewido's log to here so we can see if your computer is now clean.

    You can fix these entries with HijackThis if you want to free your memory:

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [AnyDVD] "C:\Documents and Settings\Owner\Desktop\AnyDVD\AnyDVD.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

     
  5. ryan8787

    ryan8787 Member

    Joined:
    Apr 20, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    the directory of that thing is.....well the command of that thing is...
    rundll32.exe C:\windows\system32\nvcpl.dll,nvstartup

    The location is...
    software\microsoft\windows\currentversion\run


    i don't know if that is the info that you were looking for..

     
  6. ALATONY

    ALATONY Regular member

    Joined:
    Jul 23, 2004
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    26
    I cant find the 04 that you mention in my log

    this is a new log after I deleted some of the things and I didnt do anything at this time please advise if I should do the others steps mention?


    Logfile of HijackThis v1.99.1
    Scan saved at 8:55:54 AM, on 5/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
    C:\Documents and Settings\Owner\Desktop\AnyDVD\AnyDVD.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://earthlink.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [AnyDVD] "C:\Documents and Settings\Owner\Desktop\AnyDVD\AnyDVD.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141821693640
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145545939250
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe



     
    Last edited: May 2, 2006
  7. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    @ryan8787
    Hi, it is a legitimate entry =) (belongs to Nvidia)

    @ALATONY
    Hi, did you run a scan with Ewido? Please post its log to here.
     
    Last edited: May 2, 2006
  8. ALATONY

    ALATONY Regular member

    Joined:
    Jul 23, 2004
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    26
    Im running a scan now, its taking a while
     
  9. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Ok, post the log to here when you're ready ;)
     
  10. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Hi ALATONY.

    Ok, looking good.

    Fix this entry with HijackThis:
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Then you're good to go =)
     
  11. ALATONY

    ALATONY Regular member

    Joined:
    Jul 23, 2004
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    26
    thank you so much. you are the man. any more ways on how to free up more memory
     
  12. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
  13. ALATONY

    ALATONY Regular member

    Joined:
    Jul 23, 2004
    Messages:
    126
    Likes Received:
    0
    Trophy Points:
    26
    thanks
     
  14. ryan8787

    ryan8787 Member

    Joined:
    Apr 20, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    PLease help me!!!!!!!

    her's my hijackthis...

    Logfile of HijackThis v1.99.1
    Scan saved at 6:45:04 PM, on 6/29/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\fast.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\DOCUME~1\Dad\MYDOCU~1\aDOBE\ntvdm.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\Carbon Copy Support\FXKER.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
    C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
    C:\WINDOWS\System32\Fast.exe
    C:\Documents and Settings\Dad\Desktop\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\?ystem\w?nword.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{9B986C62-A389-8D2C-FC38-F1EA1FB073B6} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\iygwg.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,stnbqfl.exe
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmriqb.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
    O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
    O2 - BHO: (no name) - {9B986C62-A389-8D2C-FC38-F1EA1FB073B6} - C:\WINDOWS\System32\vmor.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P32 "EPSON Stylus C82 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C82"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Sroc] "C:\DOCUME~1\Dad\MYDOCU~1\aDOBE\ntvdm.exe" -vt mt
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\plugins\Npcdn32.dll
    O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O15 - Trusted Zone: *.adgate.info
    O15 - Trusted Zone: *.dollarrevenue.com
    O15 - Trusted Zone: *.errorsafe.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.matcash.com
    O15 - Trusted Zone: *.media-motor.com
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mediatickets.net
    O15 - Trusted Zone: *.mmohsix.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.snipernet.biz
    O15 - Trusted Zone: *.snipernet.us
    O15 - Trusted Zone: *.sxload.com
    O15 - Trusted Zone: *.systemdoctor.com
    O15 - Trusted Zone: *.winantivirus.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: *.adgate.info (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.errorsafe.com (HKLM)
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.matcash.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.media-motor.net (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O15 - Trusted Zone: *.snipernet.biz (HKLM)
    O15 - Trusted Zone: *.snipernet.us (HKLM)
    O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:mad:MSITStore:C:\DOCUME~1\Dad\LOCALS~1\Temp\mma.chm::/joysavsht.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3084
    O20 - AppInit_DLLs: inicfg32.dll ping.dll C:\WINDOWS\System32\ping.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     
  15. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    @ryan8787

    You got a massive malware collection there, it is a shame to destroy such a beautiful collection.. :p

    Cleaning instructions:

    Move HijackThis into its own folder C:\HJT

    Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/

    -> Open Ewido Anti-Spyware
    -> Click the Update icon at the top of the window
    -> Click the Start update button
    -> Wait for the update to download and install
    -> Quit the program, we'll use this later.

    Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
    Do NOT run yet.

    Donwload LSPFix -> http://www.cexx.org/lspfix.htm to yuor desktop.
    DON'T run this program yet. This program is used only if you lost your internet connection during the cleaning.

    Go to Control Panel -> Add/Remove programs -> Remove SafeSurfing, InternetOptimizer, DyFuCa, WebHancer, PuritySCAN By OIN, OuterInfo, OIN if found

    If PuritySCAN By OIN, OuterInfo, OIN were not listed, download and run this uninstaller -> http://www.outerinfo.com/OiUninstaller.exe
    Tutorial for the uninstaller if needed -> http://www.outerinfo.com/howto.html

    Please download Brute Force Uninstaller to your desktop.
    http://www.merijn.org/files/bfu.zip

    -> Right-click the BFU folder on your desktop, and choose Extract All
    -> Click Next
    -> In the box to choose where to extract the files to,
    -> Click Browse
    -> Click on the + sign next to My Computer
    -> Click on Local Disk ( C: ) or whatever your primary drive is
    -> Click Make New Folder
    -> Type in BFU
    -> Click Next, and Uncheck the Show Extracted Files box and then click Finish.


    RIGHT-CLICK the following link and choose "Save As" (in IE it's "Save Target As") in order to download QooFix.bat by LonnyRJones -> http://downloads.subratam.org/Lon/qooFix.bat
    Save it in the same folder you made earlier (c:\BFU).

    Please close ALL other open windows & explorer folder's, then double-click on QooFix.bat
    Choose option #1 (Qoolfix autofix) and follow the prompts.
    Please be patient, it will take about five minutes.

    Download E2TakeOut.exe and unzip it to your desktop -> http://www.malwarebytes.org/E2TakeOut.zip
    -> Doubleclick E2TakeOut.exe
    -> Click Begin Removal
    -> Wait for the scan to end
    -> Restart your computer
    -> A logfile should open, copy its contents to your next reply

    Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo...
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{9B986C62-A389-8D2C-FC38-F1EA1FB073B6} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\iygwg.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,stnbqfl.exe
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmriqb.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
    O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
    O2 - BHO: (no name) - {9B986C62-A389-8D2C-FC38-F1EA1FB073B6} - C:\WINDOWS\System32\vmor.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
    O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
    O4 - HKCU\..\Run: [Sroc] "C:\DOCUME~1\Dad\MYDOCU~1\aDOBE\ntvdm.exe" -vt mt
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O15 - Trusted Zone: *.adgate.info
    O15 - Trusted Zone: *.dollarrevenue.com
    O15 - Trusted Zone: *.errorsafe.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.matcash.com
    O15 - Trusted Zone: *.media-motor.com
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mediatickets.net
    O15 - Trusted Zone: *.mmohsix.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.snipernet.biz
    O15 - Trusted Zone: *.snipernet.us
    O15 - Trusted Zone: *.sxload.com
    O15 - Trusted Zone: *.systemdoctor.com
    O15 - Trusted Zone: *.winantivirus.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: *.adgate.info (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.errorsafe.com (HKLM)
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.matcash.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.media-motor.net (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O15 - Trusted Zone: *.snipernet.biz (HKLM)
    O15 - Trusted Zone: *.snipernet.us (HKLM)
    O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:mad:MSITStore:C:\DOCUME~1\Dad\LOCALS~1\Temp\mma.chm::/joysavsht.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3084
    O20 - AppInit_DLLs: inicfg32.dll ping.dll C:\WINDOWS\System32\ping.dll

    Fix this too if you haven't blocked acces to IE settings:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
    Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

    Delete these folders (if found):
    C:\Program Files\WebHancer
    C:\Program Files\PurityScan
    C:\Program Files\SafeSurfing
    C:\Program Files\InternetOptimizer
    C:\Program Files\DyFuCa

    Delete these files (if found):
    C:\WINDOWS\nem220.dll
    C:\WINDOWS\System32\irsmriqb.dll
    C:\WINDOWS\wsem303.dll
    C:\WINDOWS\System32\WinNB57.dll
    C:\WINDOWS\System32\vmor.dll
    C:\WINDOWS\System32\adrotate.dll
    C:\WINDOWS\System32\WinNB57.dll

    Run ATF Cleaner -> Check select all -> Press Empty selected

    -> Open Ewido Anti-Spyware
    -> Click the Scanner icon at the top of the window
    -> Click the Settings tab then select Recommended Options and choose Quarantine
    -> Click the Scan tab
    -> Select Complete System Scan. The scanning begins.
    -> When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop.
    -> Copy and paste the scan results into your next post

    Clean the Recycle bin and make your hidden files visible again.

    Restart your computer normally.

    Post the following logs to here:
    -> a fresh HijackThis log
    -> Ewido's log
    -> E2TakeOut log

    (IF you lost your internet connection during the new.net removal, doubleclik LSPFix.exe. Check "I know what I'm doing" option.You see two panels; If something is listed in "Remove" panel on the right side, leave it there and press "Finish>>". Then restart your computer and the connection should work. If nothing is listed in "Remove" panel, DO NOTHING, close LSPFix. Go to some different machine to get help. (This is just a precaution. Usually the internet connection stays ok ;) )
     
  16. ryan8787

    ryan8787 Member

    Joined:
    Apr 20, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    I think that my laptop might have a minor infection. It seems to be lagging more than it used to.......would you mind taking a look at my log???

    Logfile of HijackThis v1.99.1
    Scan saved at 1:29:29 AM, on 7/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\RAM Idle\RAM_XP.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Joshua\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\Airlink101\PVR-PLUS\TVR\Scheduled.exe
    O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    THANKS!!
     
  17. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Hi ryan8787, your laptop seems to be clean but you should install a firewall and an antivirus into it.

    These are good (free) firewalls:
    ZoneAlarm --> http://www.zonelabs.com
    Kerio--> http://www.sunbelt-software.com/Kerio.cfm
    Outpost-> http://www.agnitum.com

    These are good (free) antiviruses:
    AVG Antivirus --> http://www.grisoft.com
    Avast --> http://www.avast.com

    You can fix these with HijackThis if you want to free your memory:

    O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?

    Could you please post the logs from the first computer when you have completed the steps in my last message.
     
    Last edited: Jul 1, 2006
  18. ryan8787

    ryan8787 Member

    Joined:
    Apr 20, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    Here are all of my log files.... some of the entries that you said i needed to fix were gone when i tried..... I hope it is a little better......

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:37:24 PM 7/3/2006

    + Scan result:



    C:\Recycled\NPROTECT\00252479.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Recycled\NPROTECT\00252484.DLL -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Recycled\NPROTECT\00252489.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1015\A0124742.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0125577.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0125773.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP942\A0111797.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP952\A0112818.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP952\A0112819.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP958\A0112848.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP958\A0112849.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP969\A0112964.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP970\A0112994.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP970\A0112998.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP970\A0112999.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP970\A0113000.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP973\A0113894.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Program Files\Pocket Hosts\Hosts.MIPSH.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\Recycled\NPROTECT\00252965.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0127536.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0128528.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0128539.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0128556.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0129557.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1017\A0130556.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0131556.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0131566.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0131621.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0131632.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0131665.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0131666.EXE -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0132643.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0133644.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0134644.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0135646.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0136643.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0137643.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0138660.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0139660.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140664.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140692.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Points Manager.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/Program Files/altnet/download manager/adm25.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/Program Files/altnet/download manager/adm4.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/Program Files/altnet/download manager/adm4005.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/Program Files/altnet/download manager/admdloader.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/Program Files/altnet/download manager/admfdi.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/Program Files/altnet/download manager/admprog.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/Program Files/altnet/download manager/altnetuninstall.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/Program Files/altnet/download manager/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/Program Files/altnet/download manager/asmps.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/WINDOWS/temp/altnet/Setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/WINDOWS/temp/altnet/adm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/WINDOWS/temp/altnet/adm25.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/WINDOWS/temp/altnet/adm4.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/WINDOWS/temp/altnet/admdloader.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/WINDOWS/temp/altnet/admfdi.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/WINDOWS/temp/altnet/admprog.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/WINDOWS/temp/altnet/dmfiles.cab/AltnetUninstall.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/WINDOWS/temp/altnet/pmexe.cab/Points Manager.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM.ADM -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM.ADM.1 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM.ADM\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM.ADM\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\SigningModule.SigningModule -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\SigningModule.SigningModule.1 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140676.DLL -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/Program Files/altnet/points manager/sysdetect.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050121200053.zip/WINDOWS/temp/altnet/pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20041031162248182.zip/WINDOWS/system32/cd_clint.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140669.dll -> Adware.E2Give : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140694.dll -> Adware.E2give : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0135640.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0135641.dll -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Netstat -> Adware.Ezula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Software Installer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf3 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf5 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKU\S-1-5-21-343818398-1606980848-1957994488-1005\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKU\S-1-5-21-343818398-1606980848-1957994488-1005\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKU\S-1-5-21-343818398-1606980848-1957994488-1005\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    C:\HJT\backups\backup-20060703-175235-717.dll -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\Recycled\NPROTECT\00253146.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0127539.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0129560.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\pop06ap2.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\up9.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0128568.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
    C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140675.dll -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\WinATS.dll -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\WinDmy.dll -> Adware.Mirar : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Adware.MoneyTree : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Adware.MoneyTree : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Adware.MoneyTree : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Adware.MoneyTree : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
    C:\WINDOWS\mirar.exe -> Adware.NetNucleus : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> Adware.PeerNet : Cleaned with backup (quarantined).
    C:\Recycled\NPROTECT\00252312.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0133640.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0134640.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140680.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140695.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Active Alert -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Software Installer -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0127532.dll -> Adware.SideFind : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0131647.dll -> Adware.SideFind : Cleaned with backup (quarantined).
    C:\HJT\backups\backup-20060703-175234-471.dll -> Adware.Trafgen : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140704.dll -> Adware.Trafgen : Cleaned with backup (quarantined).
    C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
    C:\Program Files\whInstall\WhSurvey.exe -> Adware.Webhancer : Cleaned with backup (quarantined).
    C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
    C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
    C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup (quarantined).
    C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
    C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0127527.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0127528.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0127529.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0127530.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0127543.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0127544.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0131648.EXE/whAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140666.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140671.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140713.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140714.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140715.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\WINDOWS\webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\WINDOWS\whInstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\webHancer\ESO -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1015\A0124791.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1015\A0124792.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0125580.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0125581.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0135642.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP969\A0112964.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP970\A0112997.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP973\A0113892.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP973\A0113895.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP973\A0113896.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP973\A0113912.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP973\A0113913.DLL -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP993\A0116858.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP994\A0116950.DLL -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP994\A0116951.DLL -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP997\A0119479.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP997\A0119480.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP999\A0121601.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP999\A0121602.dll -> Adware.Zango : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140673.DLL -> Downloader.Agent.agw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140672.DLL -> Downloader.Dyfuca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140670.DLL -> Downloader.Dyfuca.dt : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140705.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
    C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20041031162248182.zip/WINDOWS/browserxtras/pn/remove.exe -> Downloader.Keenval.f : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0128567.exe -> Downloader.PurityScan.cp : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\oins.exe -> Downloader.PurityScan.cp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0127525.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
    C:\Recycled\NPROTECT\00253086.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\Recycled\NPROTECT\00253087.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140667.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140668.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140674.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140681.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\WINDOWS\pi1_36.exe -> Downloader.Small.cqy : Cleaned with backup (quarantined).
    C:\WINDOWS\xload.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
    C:\Recycled\NPROTECT\00253066.OCX -> Dropper.PurityScan.ae : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1016\A0128566.exe -> Hijacker.VB.lb : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\a.exe -> Hijacker.VB.lb : Cleaned with backup (quarantined).
    C:\Recycled\NPROTECT\00253127.exe -> Logger.VB.eh : Cleaned with backup (quarantined).
    C:\Recycled\NPROTECT\00253128.exe -> Logger.VB.eh : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Program Files\PestPatrol\Quarantine\20050307154040.zip/Documents and Settings/Dad/Cookies/dad@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140682.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
    C:\Program Files\Bano\Ylet.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2658ADF7-86F7-4F39-9865-291390ADE737}\RP1018\A0140710.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).


    ::Report end

    E2TakeOut v1.01 [http://www.malwarebytes.org]

    Removed! C:\WINDOWS\System32\inicfg32.dll
    Removed directory and files! C:\Program Files\E2G
    Removed orphaned leftovers
    AppInit key reset

    Logfile of HijackThis v1.99.1
    Scan saved at 6:40:40 PM, on 7/3/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P32 "EPSON Stylus C82 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C82"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\plugins\Npcdn32.dll
    O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
    O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\EarthLink TotalAccess\Spyware Blocker\WRSSSDK.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     
  19. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Ok, looks quite good :)

    Download F-Secure Blacklight and save it to your desktop -> http://www.f-secure.com/blacklight/try.shtml

    Doubleclick blbeta.exe, accept the agreement, click Scan, then click Next

    You'll see a list what have been found. A log will appear to your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

    DON'T choose Rename if something was found!

    Post the contents of fsbl.xxxx.log to here (blacklight log from your desktop)

    Post a fresh HijackThis log to here too.
     

Share This Page