Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spy-sheriff And Other Browser Hijackers


  • Please log in to reply
10 replies to this topic

#1 prescience

prescience

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:12 PM

Posted 01 December 2005 - 06:55 PM

Hi, I am new to the Bleepingcomputer forums and my computer has some serious issues:

I recently got the spysheriff malware program on my computer..AGAIN :thumbsup: AND I have a ton of browser hijackers that keep redirecting my browser when I click various links..I am pretty fed up and frustrated..so please help me :flowers:

Logfile of HijackThis v1.99.1
Scan saved at 6:53:16 PM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\Archive\archive.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\alexa.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLHostManager.exe
C:\winstall.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLServiceHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLServiceHost.exe
C:\DOCUME~1\ROBBY~1.ROB\LOCALS~1\Temp\Rar$EX51.624\HijackThis.exe
C:\windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: C:\windows\system32\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\windows\system32\adsldpbe.dll
O2 - BHO: C:\windows\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\windows\adsldpbd.dll (file missing)
O2 - BHO: C:\windows\q14473511_disk.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - C:\windows\q14473511_disk.dll
O2 - BHO: C:\windows\system32\clbcatix.dll - {D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} - C:\windows\system32\clbcatix.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\windows\mpatrol.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snid] C:\WINDOWS\snid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125756679\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\clbcatix.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\clbcatix.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\windows\system32\clbcatix.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\windows\system32\clbcatix.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\windows\system32\clbcatix.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\windows\system32\clbcatix.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/172c772e55c835...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: clbcatex - C:\windows\system32\clbcatix.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: st3 - C:\windows\system32\st3.dll
O20 - Winlogon Notify: st3i - C:\windows\q88273911.dll
O20 - Winlogon Notify: style2 - C:\windows\q173025497.dll
O20 - Winlogon Notify: style32 - C:\windows\q14473511_disk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ROBBY~1.ROB\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:12 AM

Posted 04 December 2005 - 11:49 AM

Hi and :flowers:

My name is David Posted Image

:thumbsup: Click here to download smitRem.zip.
  • Save the file to your desktop.
  • Unzip smitRem.zip to extract the files it contains.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
:trumpet: Download Cleanup from Here
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • DO NOT RUN IT YET

:inlove: Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.
:woot: Click here for info on how to boot to safe mode if you don't already know how. Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode. Restart your computer into safe mode now. Perform the following steps in safe mode:


:cool: Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


:idea: Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
:) Start Ccleaner and click Run Cleaner


:bike: Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

Restart back into Windows normally now.


:spam: Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan and the ewido scan

David

#3 prescience

prescience
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:12 PM

Posted 05 December 2005 - 01:30 AM

Hi I did everything you told me to do .. so hopefully alot of it has been cleared up .. but here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 1:25:16 AM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\windows\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLHostManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLServiceHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ROBBY~1.ROB\LOCALS~1\Temp\Rar$EX00.056\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: C:\windows\system32\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\windows\system32\adsldpbe.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\windows\mpatrol.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snid] C:\WINDOWS\snid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125756679\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\windows\SYSTEM32\avldr.dll
O20 - Winlogon Notify: clbcatex - C:\windows\system32\clbcatix.dll (file missing)
O20 - Winlogon Notify: st3i - C:\windows\q88273911.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ROBBY~1.ROB\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:00:53 PM, 12/4/2005
+ Report-Checksum: 20056E57

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554} -> Spyware.MySearchBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1740E1C8-2504-4472-A458-4B6C31A26F5E} -> Spyware.EzSearchBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554} -> Spyware.MySearchBar : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Alexa Internet -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10} -> Spyware.eXact : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554} -> Spyware.MySearchBar : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489} -> Spyware.2nsSearch : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1678F7E1-C422-11D0-AD7D-00400515CAAA} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99802379-7362-40E2-9D28-8A3B9AF880B7} -> Spyware.iLookup : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6598677-4B54-42A9-BA67-8B64E3FCD92D} -> Spyware.ezSearching : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-789336058-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB} -> Spyware.ClientMan : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temp\msg12.tmp10693532737520.exe/QaBar.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temp\msg12.tmp10693532737520.exe/SetupAdultLinks.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temp\msgA.tmp10691608766609.exe/QaBar.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temp\msgA.tmp10691608766609.exe/SetupAdultLinks.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\0TMJCXYB\message[1].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\6U98KXOO\93534763qMvfqK[1].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\6U98KXOO\updates[1].php/QaBar.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\6U98KXOO\updates[1].php/SetupAdultLinks.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\C1EZ4TYN\89807613LCpRzH[1].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\C1EZ4TYN\90800793dvFZnc[2] -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\C9ULY1Y3\89807156pwrTiE[1].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\C9ULY1Y3\89807507XKRcEX[1].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\C9ULY1Y3\89808079DiNNYq[2] -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\FZ8KQIZH\90800691JVKOBE[1] -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\FZ8KQIZH\90800849TKJCjr[2] -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\GLOVA3KF\89807613LCpRzH[1].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\GLOVA3KF\89807613LCpRzH[2].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\GLOVA3KF\updates[4].php/QaBar.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\GLOVA3KF\updates[4].php/SetupAdultLinks.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\KEIVKJC4\90800691JVKOBE[1] -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\KEIVKJC4\90800691JVKOBE[1].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\MFUBC7YD\89807613LCpRzH[1].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\MFUBC7YD\89808065Nkvehc[1].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\MFUBC7YD\inclAds[1].aspx -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby\Local Settings\Temporary Internet Files\Content.IE5\UHS3QXYF\post_temp[2].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@-1shz2prbmdj6wvny-1sez2pra2dj6wjliehdzgdpa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@-1shz2prbmdj6wvny-1sez2pra2dj6wjmickczmfqa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@ad.adition[1].txt -> Spyware.Cookie.Adition : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@ad.adocean[2].txt -> Spyware.Cookie.Adocean : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@cbs.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@counter14.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@data4.perf.overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@e-2dj6wjk4emazeaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@e-2dj6wjmyondzako.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@ehg-foxsports.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@entrepreneur.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@gde.adocean[2].txt -> Spyware.Cookie.Adocean : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@ilead.itrack[1].txt -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@msnportal.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@tribuneinteractive.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@www.popuptraffic[2].txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@www2.enigmasoftwaregroup[2].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@xxxcounter[2].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4gldzgbqqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4qjdjshogwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiohczelqqidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4khazoeoa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4onc5mbpa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4uidpglpaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4whcpadowidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoanajiaqamdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyejczkkowidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkygkajegqq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkykkcpgloaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyuhczaeoasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4kld5gepwsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4wgc5glpgmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlicgdpgcqq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliqkdjahpgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlisicjoeowwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlocnc5ikoqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlokiazgeow2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyejajkkoq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmishcpikoqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyuid5edow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyegazmapg6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyepczkgpwsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyogajsbpg6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyogczoaqqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyoic5kkow2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyopajcboamdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyslc5igqaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuld5skoqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robby.ROBBY\Cookies\robby@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Install.exe/x.bat -> Trojan.LowZones.f : Cleaned with backup
C:\Install.exe/kans.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\Program Files\Access_Control\instant access.exe -> Trojan.P2E.br : Cleaned with backup
C:\Program Files\Archive\__delete_on_reboot__archive.exe -> Downloader.Small.adv : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaPassX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\ExeDialer.exe -> Trojan.P2E.br : Cleaned with backup
C:\WINDOWS\kans.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\netdde.dll -> Downloader.Delf.yc : Cleaned with backup
C:\WINDOWS\q100932423_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q100963708.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q101001121_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q101003495_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q101033628_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q101067657_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q101072043_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q101074437.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q101077902_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q101103429_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10192345.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q103112968.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q104533991_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q104564726.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q104602230_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q104608819_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q104641756_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q104668855_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q104673192_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q104675805.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q104698899_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q104708823_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q104715072_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q106013369_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10651916.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q108135350_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q108165794.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q108207283_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q108210428_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q108277474.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q108314367_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q108337410_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10867296.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q10870961.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q10871492_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10873144.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q10873174_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10874176.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q10877010.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q10877811_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10880495_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10881346_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q10882398.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q10883699.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q10888576_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10894375.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q10895256_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10906893_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q10909376_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10926271_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10930447_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q10942604.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q109614437_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q110317838.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q111736799_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q111766762.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q111808411_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q111846927_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q111878102_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q111904410_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q111957796_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q113924935.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q11421262.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q115381269.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q115479590.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q115489535_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q115496354_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q115516894_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q115584722_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q116816533_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q117527085.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q118939155_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q119010608_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q119080909_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q119081670.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q119124922_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q119192459_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q122558369_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q122587611.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q122615882_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q122654718_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q122681356_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q122716396_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q122724488_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q122811012_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q124018589_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q124731764.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q126164745_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q126194948.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q126221116_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q126284477.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q126325836_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q126333397_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q129760255_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q129797829.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q129826420_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q129883432_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q129927205_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q130009393_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q131961160.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q133400840.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q133427428_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q133484580_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q133488075.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q133529845_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q133532599_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q133614908_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q136975360_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q137106809.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q137131044_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q137137994_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q137216296_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q139165589.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q140586122_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q140618238.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q140656222_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q140686686_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q140723479.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q140743488_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q140821791_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q14253114.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q144196583_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q144213678.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q144259764_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q144287844_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q144333160_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q144344886_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q144427305_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q14468104.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q14471579.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q14471709.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q14475414.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q14477327.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q14478318.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q14478789_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q14483265.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q14484858.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q14490626_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q14493430_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q14495643.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q14504416_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q14514290.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q14517925_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q14521891_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q14528981_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q14538745_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q14548860.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q146376338.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q147789510_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q147814546.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q147884957_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q147934148_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q147950311_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q148032749_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q151415574.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q151491593_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q151498463_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q151535366_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q151555815_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q151649089_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q153593095.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q154991836_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q155016592.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q155111808_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q155161630_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q155276255_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q157198469.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q158593114_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q158617710.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q158693559_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q158716482_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q158741518_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q158767425_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q158898513_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q158932462_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q162294547_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q162323068_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q162342015_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q162342816_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q162372889_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q162530346_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q164420994.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q165795361_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q165819085.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q165947990_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q165978464_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q166147066_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q168023765.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q169396659_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q169420013.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q169496583_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q169535539_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q169579933_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q169771879_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q172997957_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q173020930.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q173097681_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q173142866_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q173154152_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q173181361_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q173381539_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q17392318.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q176614307_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q176622029.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q176698909_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q176746908_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q176757473_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q176786785_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q176995105_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q180223097.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q180352082_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q180392260_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18072727.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q18073107.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q18073127.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q18075190.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q18076712_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18079356_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18080147_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18084734.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q18094558_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q18095980_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18109299_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18114286_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18115979.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q18118533_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18129058_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q18133364_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18139212_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18156287_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18158390_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q183817105_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q183824335.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q183916427_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q183957226_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q183963725_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q184002331_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18623789.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q187422248_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q187425383.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q187562320_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q187571523_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q187606093_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q18920796.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q191026661.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q191143419_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q191163448_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q191201693_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q194808529_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q19745121.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q19787973.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q198365484_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q198371433_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q198426251_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q198435314_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q201966612_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q201988143_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q201998939_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q202045906_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q202047468_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q205567710_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q205580579_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q205646904_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q20838444.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q209045631_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q209172874_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q209248313_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q209264977_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q212630276.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q212778138_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q212849741_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q212865874_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q21455671.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q216234058.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q216383302_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q216451180_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q216481804_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q21669989.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q21676509_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q21676529.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q21676949.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q21678371_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q21679122.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q21679773.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q21680224_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q21687655.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q21695636_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C:\WINDOWS\q21703017_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q21709967_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q21715134_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q21718880.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q21727121_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q21745518_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q21749604.dll -> Downloader.Delf.pa : Cleaned with backup
C:\WINDOWS\q21772046_disk.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\q219835056.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q219988496_disk.dll -> Downloader.Delf.wp : Cleaned with backup
C

#4 prescience

prescience
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:12 PM

Posted 05 December 2005 - 01:32 AM

Sorry it seems to have cut off the report,

But thanks for your help .. any further things I could do?

Thanks again,

Robby

#5 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:12 AM

Posted 05 December 2005 - 04:26 PM

:thumbsup: You are currently using HijackThis from a temporary directory, this can cause problems.
  • Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.
  • Download HijackThis to the new folder:
  • Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
  • Close ALL windows except HJT
  • SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  • Post the log in this thread using 'Add Reply' (Ctrl-V to 'paste')
David

#6 prescience

prescience
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:12 PM

Posted 05 December 2005 - 04:37 PM

Alot of my issues seem to have cleared up! But here is the most recent HJT file following your instructions:

Logfile of HijackThis v1.99.1
Scan saved at 4:33:59 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\windows\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLHostManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLServiceHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLServiceHost.exe
C:\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: C:\windows\system32\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\windows\system32\adsldpbe.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\windows\mpatrol.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snid] C:\WINDOWS\snid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125756679\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\windows\SYSTEM32\avldr.dll
O20 - Winlogon Notify: clbcatex - C:\windows\system32\clbcatix.dll (file missing)
O20 - Winlogon Notify: st3i - C:\windows\q88273911.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ROBBY~1.ROB\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks again,

Robby

#7 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:12 AM

Posted 05 December 2005 - 04:51 PM

Please do both of the following before we start if possible!:

:thumbsup: 1) Please print off these intructions - they will be needed later when internet access is not available.
:flowers: 2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
_____________________

Go to add/remove and uninstall SpyKiller

:idea: Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.
_____________________

:trumpet: With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

R3 - Default URLSearchHook is missing
O2 - BHO: C:\windows\system32\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-81683C25DC9} - C:\windows\system32\adsldpbe.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\windows\mpatrol.dll (file missing)
O4 - HKLM\..\Run: [snid] C:\WINDOWS\snid.exe
O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E} - C:\windows\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\windows\system32\clbcatix.dll (file missing)
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab

_____________________

:inlove: Boot into Safe Mode

:cool: Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confimation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\snid.exe
C:\Program Files\Archive\archive.exe
C:\windows\system32\adsldpbe.dll

_____________________

Manually delete this folder:

C:\Program Files\Archive
_____________________

:bike: Please Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. (if you cannot delete some items it's fine!)

Then go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.f

Finally go to Control Panel > Internet Options. m
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.
_____________________

:woot: Empty the Recycle Bin.
_____________________

:) Reboot to normal mode and post a new HJT log
David

#8 prescience

prescience
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:12 PM

Posted 05 December 2005 - 11:10 PM

One more time .. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 11:07:01 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\windows\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLHostManager.exe
C:\windows\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLServiceHost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
C:\Program Files\Common Files\AOL\1125756679\ee\AOLServiceHost.exe
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125756679\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\windows\SYSTEM32\avldr.dll
O20 - Winlogon Notify: clbcatex - C:\windows\system32\clbcatix.dll (file missing)
O20 - Winlogon Notify: st3i - C:\windows\q88273911.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ROBBY~1.ROB\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#9 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:12 AM

Posted 06 December 2005 - 11:54 AM

Fix these two:

O20 - Winlogon Notify: clbcatex - C:\windows\system32\clbcatix.dll (file missing)
O20 - Winlogon Notify: st3i - C:\windows\q88273911.dll (file missing)

Clean Log!! Posted Image
How's everything running?

David

#10 prescience

prescience
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:12 PM

Posted 06 December 2005 - 02:51 PM

Everything is running great! ... Thank you so much!!

I was seriously considering reformatting my computer before I found these forums ... I appreciate all of your help! I will definitely make a donation...thanks again!

Edited by prescience, 06 December 2005 - 02:56 PM.


#11 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:12 AM

Posted 06 December 2005 - 03:07 PM

Ok! Glad i was able to help you! :thumbsup:

The log is clean! :flowers:

If i have helped you please consider making a donation using the "make a donation" button in my signature. My help is free, but please consider it to keep me fighting spyware for you and others! :trumpet: :inlove:

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users