hey guy i just wanna say what a help you have all been and i told my dad about this site and he asked me to see if you guys could fix his comp... Thx Logfile of HijackThis v1.99.1 Scan saved at 10:22:42 PM, on 8/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast O1 - Hosts: 64.12.152.18 search.netscape.com O1 - Hosts: 216.130.185.143 websearch.com O1 - Hosts: 216.130.185.143 www.adwave.com O1 - Hosts: 216.130.185.143 adwave.com O1 - Hosts: 216.130.185.143 www.xzoomy.com O1 - Hosts: 216.130.185.143 xzoomy.com O1 - Hosts: 216.130.185.143 www.advnt01.com O1 - Hosts: 216.130.185.143 advnt01.com O1 - Hosts: 216.130.185.143 websearch.com O1 - Hosts: 216.130.185.143 www.adwave.com O1 - Hosts: 216.130.185.143 adwave.com O1 - Hosts: 216.130.185.143 www.xzoomy.com O1 - Hosts: 216.130.185.143 xzoomy.com O1 - Hosts: 216.130.185.143 www.advnt01.com O1 - Hosts: 216.130.185.143 advnt01.com O1 - Hosts: 216.130.185.143 websearch.com O1 - Hosts: 216.130.185.143 www.adwave.com O1 - Hosts: 216.130.185.143 websearch.com O1 - Hosts: 216.130.185.143 www.adwave.com O1 - Hosts: 216.130.185.143 adwave.com O1 - Hosts: 216.130.185.143 adwave.com O1 - Hosts: 216.130.185.143 www.xzoomy.com O1 - Hosts: 216.130.185.143 xzoomy.com O1 - Hosts: 216.130.185.143 www.advnt01.com O1 - Hosts: 216.130.185.143 xzoomy.com O1 - Hosts: 216.130.185.143 advnt01.com O1 - Hosts: 216.130.185.143 www.advnt01.com O1 - Hosts: 216.130.185.143 advnt01.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe" O4 - HKLM\..\Run: [pupdsvcs] C:\WINDOWS\system32\pupdsvcs.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Help - {3E180765-6C69-4E4C-85EF-0FFA095B12A0} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O9 - Extra button: ComcastHSI - {98CEA603-AA02-40A3-BF02-9FEE98EEC4C0} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Support - {CF5DB611-25F9-4CBC-9F09-7BD7141EC97C} - http://www.comcastsupport.com (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131458958812 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/class/one2one.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/4/download/pdpplugin_5094_bundle7v1d2.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Alot of adware... Go here http://free.grisoft.com/doc/1 and download Ewdio Anti-Spyware. Install and update. Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu). Run a scan. When finished delete all entries. Save a log file. Run a scan only with HijackThis check and fix these if they remain. [bold]R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com (ONLY if you do not use dellnet.com) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*h... R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*h... R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*h... O1 - Hosts: 216.130.185.143 websearch.com O1 - Hosts: 216.130.185.143 www.adwave.com O1 - Hosts: 216.130.185.143 adwave.com O1 - Hosts: 216.130.185.143 www.xzoomy.com O1 - Hosts: 216.130.185.143 xzoomy.com O1 - Hosts: 216.130.185.143 www.advnt01.com O1 - Hosts: 216.130.185.143 advnt01.com O1 - Hosts: 216.130.185.143 websearch.com O1 - Hosts: 216.130.185.143 www.adwave.com O1 - Hosts: 216.130.185.143 adwave.com O1 - Hosts: 216.130.185.143 www.xzoomy.com O1 - Hosts: 216.130.185.143 xzoomy.com O1 - Hosts: 216.130.185.143 www.advnt01.com O1 - Hosts: 216.130.185.143 advnt01.com O1 - Hosts: 216.130.185.143 websearch.com O1 - Hosts: 216.130.185.143 www.adwave.com O1 - Hosts: 216.130.185.143 websearch.com O1 - Hosts: 216.130.185.143 www.adwave.com O1 - Hosts: 216.130.185.143 adwave.com O1 - Hosts: 216.130.185.143 adwave.com O1 - Hosts: 216.130.185.143 www.xzoomy.com O1 - Hosts: 216.130.185.143 xzoomy.com O1 - Hosts: 216.130.185.143 www.advnt01.com O1 - Hosts: 216.130.185.143 xzoomy.com O1 - Hosts: 216.130.185.143 advnt01.com O1 - Hosts: 216.130.185.143 www.advnt01.com O1 - Hosts: 216.130.185.143 advnt01.com O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)[/bold] Close all windows except HijackThis and click fix. Then get Ccleaner here http://www.cclearner.com Run both the cleaner and the "Issues" fix(when prompted, backup your registry). Post a new HijackThis log with the saved Ewdio log.
Hey i did what you said and here are the two log files thx for the help Logfile of HijackThis v1.99.1 Scan saved at 9:58:05 PM, on 8/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast O1 - Hosts: 64.12.152.18 search.netscape.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe" O4 - HKLM\..\Run: [pupdsvcs] C:\WINDOWS\system32\pupdsvcs.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Help - {3E180765-6C69-4E4C-85EF-0FFA095B12A0} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O9 - Extra button: ComcastHSI - {98CEA603-AA02-40A3-BF02-9FEE98EEC4C0} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Support - {CF5DB611-25F9-4CBC-9F09-7BD7141EC97C} - http://www.comcastsupport.com (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131458958812 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/class/one2one.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/4/download/pdpplugin_5094_bundle7v1d2.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 7:14:27 PM 8/23/2006 + Scan result: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP351\A0049245.exe -> Adware.180Solutions : Cleaned with backup (quarantined). HKU\S-1-5-21-425550379-59064783-570060980-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined). HKU\S-1-5-21-425550379-59064783-570060980-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP352\A0049280.dll -> Adware.Agent : Cleaned with backup (quarantined). C:\Program Files\MediaPipe\altpayV2.exe -> Adware.WeirWeb : Cleaned with backup (quarantined). C:\Program Files\altpayV2\altpayV2.exe -> Adware.WeirWeb : Cleaned with backup (quarantined). C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP351\A0049247.dll -> Adware.Zango : Cleaned with backup (quarantined). C:\Documents and Settings\Bree\Cookies\bree@2o7[2].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@2o7[2].txt -> TrackingCookie.2o7 : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@ad-logics[2].txt -> TrackingCookie.Ad-logics : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned. C:\Documents and Settings\Brian\Cookies\brian@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned. C:\Documents and Settings\Brian\Cookies\brian@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@advertising[1].txt -> TrackingCookie.Advertising : Cleaned. C:\Documents and Settings\Brian\Cookies\brian@advertising[2].txt -> TrackingCookie.Advertising : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@advertising[2].txt -> TrackingCookie.Advertising : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Brian\Cookies\brian@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@bfast[2].txt -> TrackingCookie.Bfast : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned. C:\Documents and Settings\Chris\Cookies\chris@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@com[1].txt -> TrackingCookie.Com : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@com[2].txt -> TrackingCookie.Com : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned. C:\Documents and Settings\Brian\Cookies\brian@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Brian\Cookies\brian@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1gdpcepq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuoajkfoa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfkisgc5seo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfkiugdpwcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfkoandzsho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfkoqpczoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfkyepajkko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfkykmc5aap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfkykod5klp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfkyopczadp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfl4knd5oap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfliclajkhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfliujcpwgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wflyknazceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfmiemdjobq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfmikndjmfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfmiomajidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfmyggdzehq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfmyukcpofp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfmyuodjcbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wfmywpcpkkq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wgk4khdjcgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wgkighdpscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wgkikkcjeao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wgkiulajeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wgkoagczeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wgkygndjkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wgl4qkcpmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6whl4qjcpslp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjk4apdzalp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjk4emd5eeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjk4gjc5adq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjk4umazsdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjkooldpmcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjkooodjehq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjkoqmdzcdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjkouidzgfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjkoukdpsap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjkowpdjmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjkyqndjako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjkyqpcpkgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjkysgcpwko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjl4eldzggq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjl4umdpwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlieidzaaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjliekd5wfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlikhdpogp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlikldpagq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjliqjcpmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlokjajsbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlokoazaao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlooidzwlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjloomdzcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlosjdzafp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlycpdzeep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlygkazcco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlykgc5sfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlyknczwbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjlyspc5odq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjmikod5cho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjny-1jcpad.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjny-1mcpwk.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyakcpmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyckd5abo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyckdjchq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyclajoao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnycpdjcao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyeldzwfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyeodjabp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyggajmlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyohc5mhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyshdzklp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyspc5ilo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnyumajklq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@e-2dj6wjnywhdzcko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlokoazifoawdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Chris\Cookies\chris@e-2dj6wflosgd5caq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Chris\Cookies\chris@stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@gator[1].txt -> TrackingCookie.Gator : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@ehg-comcast.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@ehg-espn.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@ehg-uniontrib.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Documents and Settings\Brian\Cookies\brian@ehg-comcast.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@ehg-bcstore.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@ehg-sonyesolutions.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@sec1.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned. C:\Documents and Settings\Brian\Cookies\brian@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@revenue[1].txt -> TrackingCookie.Revenue : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@spylog[2].txt -> TrackingCookie.Spylog : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Chris\Cookies\chris@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@weborama[1].txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Chris\Cookies\chris@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Bree\Cookies\bree@zedo[2].txt -> TrackingCookie.Zedo : Cleaned. C:\Program Files\PestPatrol\Quarantine\20040925121733609.zip/Documents and Settings/Brian/Cookies/brian@zedo[1].txt -> TrackingCookie.Zedo : Cleaned. ::Report end
Great work! Now, fix this one with HijackThis. [bold]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*h...[/bold] Then, go here http://www.ccleaner.com and get Ccleaner. Install and run both "Cleaner" and Issues" Fix. Run a scan with active scan http://www.pandasoftware.com/products/activescan.htm Save the results and post the log here.
Here you go but i could disinffect the files from the scan they tried to charge me money...here the logs Logfile of HijackThis v1.99.1 Scan saved at 7:25:55 PM, on 8/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\system32\hpoipm07.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast O1 - Hosts: 64.12.152.18 search.netscape.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe" O4 - HKLM\..\Run: [pupdsvcs] C:\WINDOWS\system32\pupdsvcs.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Help - {3E180765-6C69-4E4C-85EF-0FFA095B12A0} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O9 - Extra button: ComcastHSI - {98CEA603-AA02-40A3-BF02-9FEE98EEC4C0} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Support - {CF5DB611-25F9-4CBC-9F09-7BD7141EC97C} - http://www.comcastsupport.com (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131458958812 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/class/one2one.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/4/download/pdpplugin_5094_bundle7v1d2.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Incident Status Location Dialer:dialer.bny Not disinfected c:\windows\pcconfig.dat Dialer:dialer.ckz Not disinfected c:\windows\SexNow.exe Potentially unwanted tool:application/mediapipe Not disinfected hkey_classes_root\clsid\{B3E19860-0CD5-4991-A066-4FCA2704DE59} Adware:adware/weirdontheweb Not disinfected Windows Registry Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Bree\Cookies\bree@64.62.232[5].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Bree\Cookies\bree@adrevolver[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Bree\Cookies\bree@adrevolver[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bree\Cookies\bree@advertising[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Bree\Cookies\bree@atdmt[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bree\Cookies\bree@ath.belnk[1].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Bree\Cookies\bree@atwola[2].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Bree\Cookies\bree@azjmp[2].txt Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Bree\Cookies\bree@banner[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bree\Cookies\bree@belnk[1].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Bree\Cookies\bree@casalemedia[2].txt Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Bree\Cookies\bree@ct.360i[1].txt Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Bree\Cookies\bree@data.coremetrics[1].txt Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Bree\Cookies\bree@did-it[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bree\Cookies\bree@dist.belnk[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Bree\Cookies\bree@doubleclick[1].txt Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Bree\Cookies\bree@entrepreneur[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Bree\Cookies\bree@fastclick[2].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Bree\Cookies\bree@go[2].txt Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Bree\Cookies\bree@landing.domainsponsor[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Bree\Cookies\bree@mediaplex[1].txt Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Bree\Cookies\bree@offeroptimizer[2].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Bree\Cookies\bree@questionmarket[2].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bree\Cookies\bree@realmedia[2].txt Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Bree\Cookies\bree@searchportal.information[1].txt Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Bree\Cookies\bree@spywarestormer[1].txt Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Bree\Cookies\bree@target[2].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Bree\Cookies\bree@trafficmp[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Bree\Cookies\bree@tribalfusion[1].txt Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Bree\Cookies\bree@tucows[1].txt Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Bree\Cookies\bree@www.seeq[1].txt Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Bree\Cookies\bree@www48.seeq[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Bree\Cookies\bree@xiti[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Bree\Cookies\bree@zedo[2].txt there u go
Yeah, Active Scan won't remove unless you buy. No worries though. Go here http://www.downloads.subratam.org/KillBox.zip and download KillBox. Note: Might want to print these instructions, you will be in safe mode. Restart your computer in safe mode. Open Killbox.exe. Check "Standard File Kill". In the "Full Path of File to Delete" box, copy and paste each of the following lines [bold]one at a time[/bold] then click on the button that has the red circle with the X in the middle after you enter each file. You will be prompted to confirm, click Yes. [bold] c:\windows\pcconfig.dat c:\windows\SexNow.exe[/bold] Then, restart in normal mode and fix this using HijackThis. [bold]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*h...[/bold] Rescan with Active Scan and post the new log.
