Hijackthis Log Help


28 replies to this topic

#1 joemama

Posted 31 October 2005 - 02:25 PM

Hi,

I'm having serious computer issues and am not sure how to fix it......I know enough to get a HiJackThis log file and post it here.....


Logfile of HijackThis v1.99.1
Scan saved at 1:16:11 PM, on 10/31/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\jmxukyk.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\PDesk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Accessories\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\mwrhvyd.exe
C:\WINNT\gkfipev.exe
C:\WINNT\lcuqvtp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\etb\pokapoka79.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tri-County Regional Planning
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\Accessories\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS1] C:\WINNT\System32\ps1.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteiuk32.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\lkalnz.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [RSync] C:\WINNT\System32\netsync.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [q35W33g] paxamon.exe
O4 - HKLM\..\Run: [APD123] C:\WINNT\System32\APD123.exe
O4 - HKLM\..\Run: [mwrhvyd] C:\WINNT\mwrhvyd.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\dsxddp.exe reg_run
O4 - HKLM\..\Run: [gkfipev] C:\WINNT\gkfipev.exe
O4 - HKLM\..\Run: [lcuqvtp] C:\WINNT\lcuqvtp.exe
O4 - HKLM\..\Run: [System service79] C:\WINNT\etb\pokapoka79.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINNT\System32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINNT\System32\wuauclt.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...613/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TRICOUNTYRPC.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TRICOUNTYRPC.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TRICOUNTYRPC.ORG
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\jmxukyk.exe


If anyone can help, that would be groovy.

Thanks in advance!



#2 -David-

Posted 01 November 2005 - 02:41 PM

Hi and Welcome to bleeping computer!!

My name is David

Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - I can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal!

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Post a new HJT log and the ewido log at the end!
David

#3 joemama

Posted 02 November 2005 - 02:21 PM

David,


Thank You so much for your help!!!!.....I REALLY appreciate it. I followed your instructions to the letter and here is the HJT Log as well as the ewido log:





Logfile of HijackThis v1.99.1
Scan saved at 1:12:09 PM, on 11/2/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\PDesk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Accessories\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\dsxddp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\etb\pokapoka79.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tri-County Regional Planning
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\Accessories\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS1] C:\WINNT\System32\ps1.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteiuk32.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\lkalnz.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [RSync] C:\WINNT\System32\netsync.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [q35W33g] paxamon.exe
O4 - HKLM\..\Run: [APD123] C:\WINNT\System32\APD123.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\dsxddp.exe reg_run
O4 - HKLM\..\Run: [System service79] C:\WINNT\etb\pokapoka79.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ciuc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...613/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TRICOUNTYRPC.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TRICOUNTYRPC.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TRICOUNTYRPC.ORG
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\jmxukyk.exe (file missing)






---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:11:19 PM, 11/2/2005
+ Report-Checksum: 9BE6D868

+ Scan result:

C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@ehg-financialaid.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@internetfuel[1].txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Cookies\mlee@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Local Settings\Temporary Internet Files\Content.IE5\XNTQQ4E1\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\mlee.TRICOUNTYRPC\Local Settings\Temporary Internet Files\Content.IE5\XNTQQ4E1\pokapoka79[1].exe -> Trojan.EliteBar : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1958367476-682003330-1670\Dc101.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1958367476-682003330-1670\Dc103.exe -> Trojan.Crypt.t : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1958367476-682003330-1670\Dc104.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1958367476-682003330-1670\Dc106.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1958367476-682003330-1670\Dc108.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1958367476-682003330-1670\Dc109.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1958367476-682003330-1670\Dc111.exe -> Spyware.ISearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1958367476-682003330-1670\Dc130.exe -> Spyware.SmartPops : Cleaned with backup
C:\RECYCLER\S-1-5-21-796845957-1958367476-682003330-1670\Dc132\dwwqbmooui.dll -> Spyware.SmartPops : Cleaned with backup
C:\WINNT\etb\pokapoka79.exe -> Trojan.EliteBar : Cleaned with backup
C:\WINNT\gkfipev.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\jmxukyk.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\lcuqvtp.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\mwrhvyd.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\system\QBUninstaller.exe -> TrojanDownloader.Small.aly : Cleaned with backup
C:\WINNT\system32\exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\nsp68D.dll -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINNT\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINNT\system32\ykgyv.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINNT\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup


::Report End



Again, thank you!

michael
:thumbsup: :flowers:

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:08:09 PM

Posted 02 November 2005 - 02:23 PM

Please download LQfix.exe and save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings; if you change them, the fix will fail!
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button; after clicking the Finish button, the fix will start.
  • Follow the on-screen prompts.
  • Your system will now reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Now do a scan with HijackThis and post a new log by using Add Reply.

#5 joemama


Posted 02 November 2005 - 04:48 PM

Here's my HJT Logfile:



Logfile of HijackThis v1.99.1
Scan saved at 3:43:00 PM, on 11/2/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\PDesk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Accessories\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tri-County Regional Planning
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\Accessories\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS1] C:\WINNT\System32\ps1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\lkalnz.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [RSync] C:\WINNT\System32\netsync.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [q35W33g] paxamon.exe
O4 - HKLM\..\Run: [APD123] C:\WINNT\System32\APD123.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\dsxddp.exe reg_run
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...613/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TRICOUNTYRPC.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TRICOUNTYRPC.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TRICOUNTYRPC.ORG
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\jmxukyk.exe (file missing)

#6 -David-


Posted 02 November 2005 - 05:19 PM

Hi

I need you to run the following programs and post the resulting logs when you are finished. In other words, I need 3 reports posted at once when all is finished.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1. Download FindQoologic-Narrator.zip and save it to your Desktop.
http://forums.net-integration.net/index.ph...=post&id=134981

Extract (unzip) the files inside into their own folder called FindQoologic, preferably on your desktop.
Open the FindQoologic folder.
Locate and double-click the Find-Qoologic.bat file to run it.
When a text opens, post it in a reply to your thread.

2. Download the RKFiles.zip from here:
http://skads.org/special/rkfiles.zip

Create a new folder called c:\Antispyware\RKFiles
Extract the contents of RKFiles.zip into this new RKFiles folder.

Then,

1. Reboot into Safe Mode

(Restart and press the F8 key a few times after the BIOS loads -- the first thing you see when the PC "comes alive" and does its "self test" -- before Windows loads.)

2. Open the C:\Antispyware\RKFiles folder

* Locate and double-click the RKFILES.BAT to run this tool.
* Sit back and wait until it's finished.
* When it is finally finished, a text file will open.
* Save the contents of that text file.

Note: It should save by default to C:\Log.txt
* Find this log, right-click and rename it RKFiles_log.txt so you can post it later.

3. Reboot back to Normal Mode.

4. Post both logs as well as a new hijackthis log.

Regards,

David

#7 joemama


Posted 02 November 2005 - 06:00 PM

David,

The first link you provided is not functioning right now. I'm at work now ......about to go home. I'll get back at it in the morning.....if the link for the FindQoologic_Narrator.zip is back up. Again, Thanks so much for your help!!

michael

#8 -David-


Posted 03 November 2005 - 04:11 AM

If the link is still not up, say so and we can do another similar scan.
David

#9 joemama


Posted 03 November 2005 - 09:22 AM

David,


As of 8:15 this morning, link is still not working.

#10 -David-


Posted 03 November 2005 - 11:37 AM

Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your antivirus has Script Blocking, you will get a pop-up window asking you what to do. Allow this entire script to run; it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

David

#11 joemama


Posted 03 November 2005 - 12:44 PM

David,

When I click on ANY of the links you provided in your previous posts
(http://forums.net-integration.net/index.ph...=post&id=134981,
http://skads.org/special/rkfiles.zip, WinPFind and Track qoo),
a new window comes up and the address comes up as http://www.adsourcecorp.com/404_not_found.htm,
and the page comes up as not found. Not sure if this is something that is caused by an internal problem on my computer or what.....but that's what I've got.

#12 joemama


Posted 03 November 2005 - 12:48 PM

Scratch that....I was able to download the most recent links you gave me using another computer on our network........stay tuned.

#13 -David-


Posted 03 November 2005 - 12:51 PM

Will do :thumbsup:

#14 joemama


Posted 03 November 2005 - 02:33 PM

WinPFind Log:




WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows 2000 Current Build: Service Pack 1 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 1/25/2005 9:45:02 AM 197045 C:\Program Files\ExpressDataToolsInstall.exe
UPX! 2/16/2005 10:06:16 AM 218112 C:\Program Files\HijackThis.exe
KavSvc 11/2/2005 3:43:02 PM 4836 C:\Program Files\hijackthis.log
winsync 11/2/2005 3:43:02 PM 4836 C:\Program Files\hijackthis.log
UPX! 4/13/2005 4:25:12 PM 1129122 C:\Program Files\mkwact097b1.exe

Checking %WinDir% folder...

Checking %System% folder...
UPX! 5/19/2005 10:27:38 AM 14848 C:\WINNT\SYSTEM32\brebgyh.dll
ad-beh 5/19/2005 10:27:38 AM 14848 C:\WINNT\SYSTEM32\brebgyh.dll
KavSvc 5/19/2005 10:27:38 AM 14848 C:\WINNT\SYSTEM32\brebgyh.dll
69.59.186.63 11/3/2005 12:12:18 PM 46080 C:\WINNT\SYSTEM32\dsfdgsk.dll
209.66.67.134 11/3/2005 12:12:18 PM 46080 C:\WINNT\SYSTEM32\dsfdgsk.dll
web-nex 11/3/2005 12:12:18 PM 46080 C:\WINNT\SYSTEM32\dsfdgsk.dll
winsync 11/3/2005 12:12:18 PM 46080 C:\WINNT\SYSTEM32\dsfdgsk.dll
69.59.186.63 11/3/2005 12:07:10 PM 10240 C:\WINNT\SYSTEM32\karkb.dll
209.66.67.134 11/3/2005 12:07:10 PM 10240 C:\WINNT\SYSTEM32\karkb.dll
web-nex 11/3/2005 12:07:10 PM 10240 C:\WINNT\SYSTEM32\karkb.dll
winsync 11/3/2005 12:07:10 PM 10240 C:\WINNT\SYSTEM32\karkb.dll
UPX! 10/20/2005 6:53:16 PM 67584 C:\WINNT\SYSTEM32\nsxB8.dll
Umonitor 7/26/2000 11:00:00 AM 526608 C:\WINNT\SYSTEM32\rasdlg.dll
winsync 7/26/2000 11:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/2/2005 3:55:36 PM H 54156 C:\WINNT\QTFont.qfn
11/3/2005 12:07:42 PM H 464902 C:\WINNT\ShellIconCache
11/3/2005 12:08:20 PM S 268 C:\WINNT\CSC\00000001
11/3/2005 12:08:20 PM S 704 C:\WINNT\CSC\00000002
10/24/2005 3:56:46 PM S 480 C:\WINNT\CSC\csc1.tmp
10/25/2005 5:17:00 PM S 320 C:\WINNT\CSC\d1\00000018
11/2/2005 5:24:50 PM S 192 C:\WINNT\CSC\d1\00000020
11/2/2005 5:24:50 PM S 1216 C:\WINNT\CSC\d2\00000011
11/2/2005 5:24:48 PM S 832 C:\WINNT\CSC\d2\00000021
11/2/2005 5:24:50 PM S 448 C:\WINNT\CSC\d3\00000012
11/2/2005 5:24:50 PM S 192 C:\WINNT\CSC\d4\00000013
11/3/2005 12:08:20 PM S 704 C:\WINNT\CSC\d4\0000001B
10/24/2005 3:56:46 PM S 960 C:\WINNT\CSC\d5\00000014
11/3/2005 11:48:54 AM S 320 C:\WINNT\CSC\d6\0000001D
11/2/2005 5:24:50 PM S 320 C:\WINNT\CSC\d8\00000017
10/26/2005 9:28:08 AM HS 113 C:\WINNT\History\History.IE5\desktop.ini
11/3/2005 12:08:28 PM H 1024 C:\WINNT\system32\config\default.LOG
11/3/2005 12:11:46 PM H 1024 C:\WINNT\system32\config\SAM.LOG
11/3/2005 12:09:36 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG
11/3/2005 12:12:34 PM H 1024 C:\WINNT\system32\config\software.LOG
11/3/2005 12:08:24 PM H 6 C:\WINNT\Tasks\SA.DAT
10/26/2005 9:28:06 AM HS 67 C:\WINNT\Temporary Internet Files\Content.IE5\desktop.ini
10/26/2005 9:28:08 AM HS 67 C:\WINNT\Temporary Internet Files\Content.IE5\8HYRODIF\desktop.ini
10/26/2005 9:28:06 AM HS 67 C:\WINNT\Temporary Internet Files\Content.IE5\GPI7G5QV\desktop.ini
10/26/2005 9:28:08 AM HS 67 C:\WINNT\Temporary Internet Files\Content.IE5\S9MJ45UZ\desktop.ini
10/26/2005 9:28:06 AM HS 67 C:\WINNT\Temporary Internet Files\Content.IE5\WHM74HAN\desktop.ini

Checking for CPL files...
Microsoft Corporation 7/26/2000 11:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 296208 C:\WINNT\SYSTEM32\appwiz.cpl
4/30/2001 3:51:00 AM 98304 C:\WINNT\SYSTEM32\Avsmcpa.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 236816 C:\WINNT\SYSTEM32\desk.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 60688 C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 8/26/2002 11:11:40 AM 36864 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 5:57:40 PM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 125200 C:\WINNT\SYSTEM32\sysdm.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
IBM Corporation 9/23/1999 5:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl
Microsoft Corporation 7/26/2000 11:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/26/2002 11:11:40 AM 36864 C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/15/2005 1:27:22 PM 717 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
11/3/2005 12:12:18 PM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ciuc.exe
1/24/2005 7:15:54 PM 1572 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
12/21/2004 12:54:22 PM 1397 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
acc=ventura5 =
acc=none =
(none) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\kxskqytt
{fdf80b84-aa30-4cf3-a01f-103a40d20a69} = C:\WINNT\System32\karkb.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{4A681BEC-7727-49BD-B695-79F8354CD2E5}
= C:\Program Files\Common Files\ESRI\esriShellExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CC8D2568-3AC5-459F-851F-6F19A89CBCB1}
= C:\Program Files\Common Files\ESRI\esriShellExt.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C370527A-24A7-4583-BE01-72E59000EB17}
= C:\WINNT\system32\n.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager mobsync.exe /logon
Matrox Powerdesk C:\WINNT\System32\PDesk.exe /Autolaunch
StorageGuard "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
WinampAgent C:\Program Files\Winamp\winampa.exe
iTunesHelper C:\Program Files\Accessories\iTunes\iTunesHelper.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
PS1 C:\WINNT\System32\ps1.exe
KavSvc C:\WINNT\System32\lkalnz.exe
C:\WINNT\VCMnet11.exe C:\WINNT\VCMnet11.exe
RSync C:\WINNT\System32\netsync.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
q35W33g paxamon.exe
APD123 C:\WINNT\System32\APD123.exe
winsync C:\WINNT\System32\dsxddp.exe reg_run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/3/2005 12:17:41 PM




Track qoo.vbs Log:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"Matrox Powerdesk"="C:\\WINNT\\System32\\PDesk.exe /Autolaunch"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"iTunesHelper"="C:\\Program Files\\Accessories\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PS1"="C:\\WINNT\\System32\\ps1.exe"
"KavSvc"="C:\\WINNT\\System32\\lkalnz.exe"
"C:\\WINNT\\VCMnet11.exe"="C:\\WINNT\\VCMnet11.exe"
"RSync"="C:\\WINNT\\System32\\netsync.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"q35W33g"="paxamon.exe"
"APD123"="C:\\WINNT\\System32\\APD123.exe"
"winsync"="C:\\WINNT\\System32\\dsxddp.exe reg_run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- kxskqytt
{fdf80b84-aa30-4cf3-a01f-103a40d20a69}
C:\WINNT\System32\karkb.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINNT\system32\shell32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINNT\system32\shell32.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINNT\system32\shell32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll

Subkey --- {4A681BEC-7727-49BD-B695-79F8354CD2E5}
C:\Program Files\Common Files\ESRI\esriShellExt.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINNT\System32\docprop2.dll

Subkey --- {7f9609be-af9a-11d1-83e0-00c04fb6e984}
C:\WINNT\system32\faxshell.dll

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINNT\System32\docprop2.dll

Subkey --- {CC8D2568-3AC5-459F-851F-6F19A89CBCB1}
C:\Program Files\Common Files\ESRI\esriShellExt.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Acrobat Assistant.lnk
ciuc.exe
Microsoft Office.lnk
WinZip Quick Pick.lnk
==============================
C:\Documents and Settings\mlee.TRICOUNTYRPC\Start Menu\Programs\Startup

Acrobat Assistant.lnk
ciuc.exe
Microsoft Office.lnk
WinZip Quick Pick.lnk
==============================
C:\WINNT\system32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
Avsmcpa.cpl Network Associates, Inc.
desk.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sticpl.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation



Thanks!

#15 -David-


Posted 03 November 2005 - 03:19 PM

Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
At the moment you may feel like you are battling with your computer to keep it running smoothly, but doing the following things should most certainly help getting it back to how it was.

_____________________

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find

Windows Overlay Components

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

_______________________

Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.
_____________________


With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.go2realsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.go2realsearch.com/sp2.php
O4 - HKLM\..\Run: [PS1] C:\WINNT\System32\ps1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\lkalnz.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [RSync] C:\WINNT\System32\netsync.exe
O4 - HKLM\..\Run: [q35W33g] paxamon.exe
O4 - HKLM\..\Run: [APD123] C:\WINNT\System32\APD123.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\dsxddp.exe reg_run
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\jmxukyk.exe (file missing)

_____________________


Boot into Safe Mode

Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINNT\jmxukyk.exe
C:\WINNT\SYSTEM32\brebgyh.dll
C:\WINNT\SYSTEM32\dsfdgsk.dll
C:\WINNT\SYSTEM32\karkb.dll
C:\WINNT\SYSTEM32\nsxB8.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ciuc.exe
C:\WINNT\System32\cscui.dll
C:\WINNT\system32\n.dll
C:\WINNT\System32\ps1.exe
C:\WINNT\System32\lkalnz.exe
C:\WINNT\VCMnet11.exe
C:\WINNT\System32\netsync.exe
C:\WINNT\System32\paxamon.exe
C:\WINNT\System32\APD123.exe
C:\WINNT\System32\dsxddp.exe

_____________________

Please Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. (if you cannot delete some items it's fine!)
_____________________

Then go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
_____________________

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.
_____________________


Empty the Recycle Bin.
_____________________


Reboot to normal mode and post a new HJT log
David

Edited by D-Trojanator, 03 November 2005 - 03:20 PM.
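
A consistency check on the plan in the post above, as an added example that is not part of David's post: it pairs each HijackThis O4/O23 entry in the "fix checked" list with a path in the Killbox list, so that no autostart entry is removed while its file stays on disk. The function names are this example's own; the two data strings are copied from the post.

```python
import ntpath
import re

# Entries copied from the "fix checked" list in the post above.
HJT_FIX = r'''O4 - HKLM\..\Run: [PS1] C:\WINNT\System32\ps1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\lkalnz.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [RSync] C:\WINNT\System32\netsync.exe
O4 - HKLM\..\Run: [q35W33g] paxamon.exe
O4 - HKLM\..\Run: [APD123] C:\WINNT\System32\APD123.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\dsxddp.exe reg_run
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\jmxukyk.exe (file missing)'''
# Paths copied from the Killbox list in the same post.
KILLBOX = r'''C:\WINNT\jmxukyk.exe
C:\WINNT\SYSTEM32\brebgyh.dll
C:\WINNT\SYSTEM32\dsfdgsk.dll
C:\WINNT\SYSTEM32\karkb.dll
C:\WINNT\SYSTEM32\nsxB8.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ciuc.exe
C:\WINNT\System32\cscui.dll
C:\WINNT\system32\n.dll
C:\WINNT\System32\ps1.exe
C:\WINNT\System32\lkalnz.exe
C:\WINNT\VCMnet11.exe
C:\WINNT\System32\netsync.exe
C:\WINNT\System32\paxamon.exe
C:\WINNT\System32\APD123.exe
C:\WINNT\System32\dsxddp.exe'''

def fixed_targets(text):
    """Map each O4/O23 entry name to the executable it launches (arguments dropped)."""
    targets = {}
    for line in text.splitlines():
        m = (re.match(r'O4 - .+?: \[(.+)\] (.+)', line)
             or re.match(r'O23 - Service: (.+?) - .+ - (.+)', line))
        if m:  # keep the text up to the first ".exe"; fall back to the whole command
            targets[m.group(1)] = re.match(r'"?(.+?\.exe|.+)', m.group(2), re.I).group(1)
    return targets

def cross_check(fix_text, killbox_text):
    """Return (fixed entries with no delete path, delete paths with no fixed entry)."""
    kill = killbox_text.splitlines()
    paired = {}
    for name, exe in fixed_targets(fix_text).items():
        bare = not ntpath.dirname(exe)  # bare file name: compare base names only
        paired[name] = [p for p in kill if (ntpath.basename(p) if bare else p).lower() == exe.lower()]
    used = {p for hits in paired.values() for p in hits}
    return [n for n, h in paired.items() if not h], [p for p in kill if p not in used]
```

The second list it returns holds the Killbox paths that have no O4/O23 entry in the fix list; for two of them the logs earlier in the thread show the load point, karkb.dll under ContextMenuHandlers and ciuc.exe in the Startup folders.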




