Virus Detected Help Dropper.Generic.DZD Trojan horse

Discussion in 'Windows - Virus and spyware problems' started by rogerm16, Aug 12, 2006.

  1. rogerm16

    rogerm16 Member

    Joined:
    Jun 16, 2006
    Messages:
    77
    Likes Received:
    0
    Trophy Points:
    16
    This came up after my computer restarted after a serious error. I wasn't around when it happened, but now Internet Explorer is opening the internet randomly (up to six blank pages), and Norton keeps telling me that it has detected a virus and is unable to repair the file. AVG tells me the same and gives the path

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\0f7d4058.exe

    I need help immediately.
     
  2. rogerm16

    rogerm16 Member

    Oh, sorry, and here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:53:11 AM, on 8/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\WhenUSearch\Search.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Save\Save.exe
    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE
    C:\Documents and Settings\Roger\Desktop\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
    O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
  3. rogerm16

    rogerm16 Member

    Is anyone going to help at all? I don't know what to do.
     
  4. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26



    Download Ewido anti-spyware from HERE
    http://www.ewido.net/en/download/
    and save that file to your desktop.


    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run ewido and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"

    Close ewido anti-spyware. Do not run a scan just yet; we will shortly.

    1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
    2. Launch ewido anti-spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
    4. ewido will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions".
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close ewido.



    In normal mode
    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm
    When the scan is finished, save the results from the scan!

    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
     
  5. rogerm16

    rogerm16 Member

    All right, here we go. Here's the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:02:03 PM, on 8/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Roger\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Here is the ewido log:

    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:58:56 PM 8/13/2006

    + Scan result:



    C:\Documents and Settings\Roger\Desktop\PSP Stuff\backups\backup-20060803-083355-245.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Program Files\LimeWire Extreme\NNGLZA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP148\A0096995.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP150\A0098172.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP150\A0098173.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2190867815-2381138938-3957454863-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2190867815-2381138938-3957454863-1006\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\ffext.mod -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\save.db -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\save.htm -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\store.db -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\css\dialog.css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\css\menu.css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\css\module_weather.css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\css\module_weather_dialog.css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\css\quick.css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\customize.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\daemon.ico -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\dialog.css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\global.js -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\add_image.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\add_image_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\add_image_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\arrow_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\arrow_down_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\arrow_right.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\arrow_right_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\button_go.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\button_go_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\button_go_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\button_search_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\button_search_off.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\button_search_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\button_search_sm_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\button_search_sm_off.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\button_search_sm_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\button_specials_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\corner_bottom_left.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\corner_top_left.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\delete_button.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\delete_button_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\delete_button_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\divider.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\dot_orange.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\dt_min_logo.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\gear.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\gear_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\gear_grey.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\gear_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\instructions_border_corner.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\instructions_border_right.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\instructions_border_top.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\link.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\lock.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\lock_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\lock_grey.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\lock_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\logo_searchbar_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\logo_searchbar_off.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\logo_searchbar_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\main_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\manage.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\manage_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\manage_grey.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\manage_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\menu_aim_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\menu_arrow_right.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\menu_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\menu_left_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\menu_main_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\menu_pbandit_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\menu_right_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\menu_ucontrol_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\menu_ucontrol_filler_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\menu_whenu_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\message_alert.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\min_new_res_menu.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\min_new_res_menu_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\min_new_res_menu_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\min_new_results_new.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\min_new_results_new_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\min_new_results_new_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\min_new_results_new_text.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\min_new_results_new_text_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\module_weather_left_bg_top.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_bottom_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_bottom_main.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_bottom_main_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_left_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_right_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_top_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_top_left.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_top_left_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_top_right.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_top_right_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_top_x.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_top_x_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_top_x_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\more_top_x_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\mount.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\mount_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\mount_grey.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\mount_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\nav_button_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\nav_button_bg_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\nav_button_bg_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\notyet.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\notyet_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_bottom_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_bottom_left.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_bottom_left_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_bottom_right.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_bottom_right_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_cancel.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_cancel_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_cancel_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_defaults.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_defaults_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_defaults_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_open.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_open_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_open_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_save.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_save_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_save_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_search.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_search_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\open_search_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_bg_grey.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_instructions.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_instructions_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_instructions_red.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_left.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_left_grey.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_main_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_more_left.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_more_off.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_more_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\right_more_up.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\spacer.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\tab_left_bg.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\tab_left_bw.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\tab_left_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\tab_left_off.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\tab_left_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\tab_right_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\tab_right_off.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\tab_right_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\unmount.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\unmount_down.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\unmount_grey.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\images\unmount_on.gif -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\index.htm -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\instructions.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\loading.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\main_menu_sub.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\menu.css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\menu_emu.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\menu_main.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\menu_manage.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\menu_opt.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\menu_ucontrol.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\menu_whenu.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\message.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\min.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\module_weather.css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\module_weather_dialog.css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\more.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\movement.js -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\newresults.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\notyet.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\open_browser.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\open_search.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\quick.css -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\quick_coupon.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\quick_instructions.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\quick_search.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\quick_tutorial.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\right.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\search.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\splash.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\tooltip_emu.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\tooltip_go.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\tooltip_logo.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\tooltip_manage.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\tooltip_more.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\tooltip_opt.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\tooltip_search.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\tooltip_slider.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\tooltip_whenu.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\tooltip_whenu2.html -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\ui.cfg -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Content\uninst.ico -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Search.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\Uninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\search.db -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\search.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\search.htm -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\store.db -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\WhenUSearch\whse.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave\Partners\WUSV -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSearch -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSearch\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSearch\Partners\desktop -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSearch\WHSE -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Start Menu\Programs\WhenUSearch -> Adware.WhenU : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Start Menu\Programs\WhenUSearch\WhenUSearch Desktop Toolbar.lnk -> Adware.WhenU : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\0F7D4058.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\22060DF3.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\23714264.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\23AF601F.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\372950B0.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\37716C61.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\60B826F4.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\6A39567F.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\WINDOWS\browser.exe -> Hijacker.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Roger\Cookies\roger@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


    ::Report end

    And here is the short Panda file:

    Incident                    Status           Location
    Adware:adware/whenusearch   Not disinfected  C:\Documents and Settings\All Users\Desktop\Toolbar.lnk
    Spyware:Cookie/Adrevolver   Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
    Spyware:Cookie/Belnk        Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@belnk[1].txt
    Spyware:Cookie/Belnk        Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
    Spyware:Cookie/RealMedia    Not disinfected  C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
     
  6. maca1

    maca1 Regular member

    Check these with HijackThis and click Fix checked:


    O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll (file missing)
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe



    Download http://www.downloads.subratam.org/KillBox.zip

    You may want to copy these instructions as you'll be going into safe mode soon.

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.


    C:\Program Files\WhenUSearch

    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

    C:\Documents and Settings\All Users\Desktop\Toolbar.lnk




    Post a new HijackThis log from normal mode.
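The O2 entry singled out in this post points at a DLL that the scanner report earlier in the thread lists as quarantined, so the registration is left behind without its file. As an added example (not part of the original thread and not HijackThis's own code), this Python sketch parses both log formats quoted on this page and reports such leftover entries; the function and class names are assumptions, and the sample lines are copied from the logs above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed samples: lines copied from the logs quoted in this thread.
SCAN_REPORT = r"""
C:\Program Files\WhenUSearch -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\WhenUSearch\search.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\browser.exe -> Hijacker.Small : Cleaned with backup (quarantined).
"""
HJT_LOG = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
"""

SCAN_RE = re.compile(r"^(?P<object>.+?) -> (?P<detection>\S+) : (?P<action>.+)$")
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
STARTUP_RE = re.compile(r"^(?:Global Startup|Startup): (?P<name>.+?) = (?P<target>.+)$")
REG_RE = re.compile(r"^(?P<name>[^=]+?) = (?P<target>.*)$")
MISSING = " (file missing)"


@dataclass
class Entry:
    code: str                 # section code, e.g. "O2"
    name: str                 # display name, or the whole body if unparsed
    clsid: Optional[str]      # only set for BHO entries
    target: Optional[str]     # file path or URL the entry points at
    file_missing: bool        # log line carried the "(file missing)" suffix


def parse_scan_report(text: str) -> Dict[str, str]:
    """Map each quarantined object (lower-cased) to its detection name."""
    found = {}
    for raw in text.splitlines():
        m = SCAN_RE.match(raw.strip())
        if m and "quarantined" in m["action"]:
            found[m["object"].lower()] = m["detection"]
    return found


def parse_hijackthis(text: str) -> List[Entry]:
    """Parse 'XX - ...' entry lines; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]
        name, clsid, target = body, None, None
        if code == "O2" and (b := BHO_RE.match(body)):
            name, clsid, target = b["name"], b["clsid"], b["target"]
        elif code == "O4" and (s := STARTUP_RE.match(body)):
            name, target = s["name"], s["target"]
        elif code in ("R0", "R1") and (r := REG_RE.match(body)):
            name, target = r["name"], r["target"]
        entries.append(Entry(code, name, clsid, target, missing))
    return entries


def quarantine_hit(target: str, quarantined: Dict[str, str]) -> Optional[str]:
    """Return the detection name if target is, or lies under, a quarantined path."""
    t = target.lower()  # Windows paths compare case-insensitively
    for obj, detection in quarantined.items():
        if t == obj or t.startswith(obj + "\\"):
            return detection
    return None


def leftover_entries(entries: List[Entry], quarantined: Dict[str, str]) -> List[Tuple[Entry, str]]:
    """Entries whose target was quarantined or no longer exists on disk."""
    hits = []
    for e in entries:
        if e.target is None:
            continue
        detection = quarantine_hit(e.target, quarantined)
        if detection:
            hits.append((e, f"target quarantined as {detection}"))
        elif e.file_missing:
            hits.append((e, "target file missing"))
    return hits


if __name__ == "__main__":
    for entry, reason in leftover_entries(parse_hijackthis(HJT_LOG), parse_scan_report(SCAN_REPORT)):
        print(f"{entry.code} {entry.name} {entry.clsid or ''} -> {reason}")
```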

     
  7. rogerm16

    rogerm16 Member

    All right. Check it, I followed your directions. Here's the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:56:29 AM, on 8/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Roger\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
  8. Niobis

    Niobis Active member

    Damn rogerm16, didn't I just clean you about 2 weeks ago? :)

    You must be more careful mate.

    You look clean now, having any troubles?
     
    Last edited: Aug 13, 2006
  9. rogerm16

    rogerm16 Member

    Yeah, you cleaned my comp just a little while ago, but I'm not the only one that uses the comp; my sis does too, and she can destroy a computer in mins. I don't have any problems yet, but I probably will.
     
