Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hjt Log - Infected With Many Items Inc. Qoolaid, The Best Offers, Registry Cleaner


  • This topic is locked This topic is locked
40 replies to this topic

#1 Rickshaw Driver

Rickshaw Driver

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:50 PM

Posted 01 March 2006 - 07:29 AM

I ran AdAware and got it down to 0 reported, S&D couldn't get rid of everything even after 4 scans on reboot. There were 2 items it was unable to get rid of. I was able to run housecall because I could run that through firefox, but when I got to panda, the pop-up windows just wouldn't stop long enough to do anything. The Nortons definitions are now up to date (friends daughter's computer, she had not updated them), but windows update won't work. It keeps failing on installing some crucial updates and I am hoping that it might have something to do with the infections. Below is my log file, thanks for the help in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:20:48 AM, on 3/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\tyrnhy.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\sms_msn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hpsw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\rdso\eetu.exe
C:\WINDOWS\System32\r?gsvr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wgse.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Apoint\Apntex.exe
c:\windows\system32\qndsregq.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\twinorag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUME~1/MATTIE~1/LOCALS~1/Temp//promptZango.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - (no file)
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKLM\..\Run: [{FC-C8-88-89-ZN}] c:\windows\system32\qndsregq.exe FI002
O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\SYSTEM32\sms_msn.exe
O4 - HKLM\..\Run: [xfnurhii] C:\WINDOWS\System32\osrtce\xfnurhii.exe
O4 - HKLM\..\Run: [ws9f3sO] ipvtoa.exe
O4 - HKLM\..\Run: [wgchsob] C:\WINDOWS\System32\nqeg\wgchsob.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [stratas] xmconfig.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Dpilzs.exe
O4 - HKLM\..\Run: [rncsmc] C:\WINDOWS\System32\rncsmc.exe
O4 - HKLM\..\Run: [rmgmin] C:\WINDOWS\System32\r090405.Stub.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [netdriver] C:\windows\system32\elitegdz32.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2006] winusersystem32.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\twinorag.exe FI002
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yiywky.exe reg_run
O4 - HKLM\..\Run: [eniqxiq] C:\WINDOWS\System32\tyrnhy.exe r
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels64.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt yazb
O4 - HKCU\..\Run: [Vuajaq] C:\WINDOWS\System32\r?gsvr32.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinorag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://www.software.topinstalls.com/mep/files/spl/jpg+chm//x.chm::/open.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135801285411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

BC AdBot (Login to Remove)

 


#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:50 AM

Posted 01 March 2006 - 12:43 PM

Hello and welcome, let's get started.. You have many infections there, we need few steps to clear entirely. :thumbsup:

Please download the latest version of Ad-Aware from HERE (if you already have Ad-Aware installed, make sure that it is the latest version 1.0.6.)

If it's NOT the version 1.0.6, can you then uninstall your current version/delete folder: C:\Program Files\Lavasoft & empty recycle bin. Finally install the latest version.

Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon, Click "connect", Click "OK", Click "Finish".)

IF you are having problems with the updating, get the manual updates here; http://download.lavasoft.de.edgesuite.net/public/defs.zip

Download Lavasoft's VX2 Cleaner plug-in HERE
  • Install the VX2 Cleaner
  • Start Ad-Aware SE
  • Go to "Plug-ins"
  • Select the VX2 Cleaner plug-in and click "Run Tool" (Before running the VX2 Cleaner, make sure other anti-virus or anti-spyware applications are closed.)
  • Click "OK" when asked if you want to execute this tool.
  • If your computer isn't infected, click "Close".
If your computer is infected;
  • Select "Clean"
  • Reboot your system.
  • Scan your computer with Ad-Aware:

    Set up the Configurations as follows:
    • Click the Gear wheel at the top of the Ad-Aware window
    • Click General > Safety & Settings: Check (Green) all three.
    • Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
    Click on "Proceed"
    Click on "Scan Now"
    Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
    Select "Search for low-risk threats"
    Run the scanner using the Full Scan (Perform full system scan) mode.
    When the scan has completed, select Next.
    In the Scanning Results window, select the "Scan Summary" tab.
    Check the box next to every "target family" for removal.
    Click "Next", Click "OK".

  • Reboot your computer again
  • Run a second scan (With Ad-aware & VX2 Cleaner) to make sure the files have been removed from your computer
Post a fresh HiJackThis log once done. :flowers:
Hi there, stranger!

#3 Rickshaw Driver

Rickshaw Driver
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:50 PM

Posted 01 March 2006 - 09:13 PM

Thank you for the help. I have done as you asked and here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 8:11:28 PM, on 3/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\elitemediapop.exe
C:\WINDOWS\SYSTEM32\sms_msn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system32\qndsregq.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\twinorag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\hpsw.exe
C:\WINDOWS\System32\eohftu.exe
C:\WINDOWS\System32\wgse.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\rdso\eetu.exe
C:\WINDOWS\System32\r?gsvr32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUME~1/MATTIE~1/LOCALS~1/Temp//promptZango.html
R3 - URLSearchHook: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - (no file)
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKLM\..\Run: [{FC-C8-88-89-ZN}] c:\windows\system32\qndsregq.exe FI002
O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\SYSTEM32\sms_msn.exe
O4 - HKLM\..\Run: [xfnurhii] C:\WINDOWS\System32\osrtce\xfnurhii.exe
O4 - HKLM\..\Run: [ws9f3sO] ipvtoa.exe
O4 - HKLM\..\Run: [wgchsob] C:\WINDOWS\System32\nqeg\wgchsob.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [stratas] xmconfig.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Dpilzs.exe
O4 - HKLM\..\Run: [rncsmc] C:\WINDOWS\System32\rncsmc.exe
O4 - HKLM\..\Run: [rmgmin] C:\WINDOWS\System32\r090405.Stub.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [netdriver] C:\windows\system32\elitegdz32.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2006] winusersystem32.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\twinorag.exe
O4 - HKLM\..\Run: [aiegay] C:\WINDOWS\System32\eohftu.exe r
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels64.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt yazb
O4 - HKCU\..\Run: [Vuajaq] C:\WINDOWS\System32\r?gsvr32.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinorag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://www.software.topinstalls.com/mep/files/spl/jpg+chm//x.chm::/open.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135801285411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:50 AM

Posted 02 March 2006 - 12:27 AM

Hi again, let's continue.. :thumbsup:

==

Please download LQfix.exe© from one of the following locations:
  • LQfix.exe
    LQfix.exe

  • Save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings, if you change them, the fix will Fail!
  • You need an active Internet Connection, so make sure your you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Then do a scan with HiJackThis and post the fresh log here by using Add Reply. :flowers:

Edited by Rawe, 02 March 2006 - 12:27 AM.

Hi there, stranger!

#5 Rickshaw Driver

Rickshaw Driver
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:50 PM

Posted 02 March 2006 - 06:38 AM

I can tell it is improving already Rawe. I have followed your instruction and here is my new log: :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 5:37:20 AM, on 3/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hhjfyk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\system32\qndsregq.exe
C:\WINDOWS\SYSTEM32\sms_msn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\hpsw.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\twinorag.exe
C:\WINDOWS\System32\wgse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\rdso\eetu.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\ohpswshbdd.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUME~1/MATTIE~1/LOCALS~1/Temp//promptZango.html
R3 - URLSearchHook: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - (no file)
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [{FC-C8-88-89-ZN}] C:\windows\system32\qndsregq.exe FI002
O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\SYSTEM32\sms_msn.exe
O4 - HKLM\..\Run: [xfnurhii] C:\WINDOWS\System32\osrtce\xfnurhii.exe
O4 - HKLM\..\Run: [ws9f3sO] ipvtoa.exe
O4 - HKLM\..\Run: [wgchsob] C:\WINDOWS\System32\nqeg\wgchsob.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [stratas] xmconfig.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Dpilzs.exe
O4 - HKLM\..\Run: [rncsmc] C:\WINDOWS\System32\rncsmc.exe
O4 - HKLM\..\Run: [rmgmin] C:\WINDOWS\System32\r090405.Stub.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [netdriver] C:\windows\system32\elitegdz32.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2006] winusersystem32.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\twinorag.exe FI002
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cfbgxrq] C:\WINDOWS\System32\hhjfyk.exe r
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels64.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt yazb
O4 - HKCU\..\Run: [Vuajaq] C:\WINDOWS\System32\r?gsvr32.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinorag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://www.software.topinstalls.com/mep/files/spl/jpg+chm//x.chm::/open.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135801285411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by Rickshaw Driver, 02 March 2006 - 06:39 AM.


#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:50 AM

Posted 02 March 2006 - 09:03 AM

Hmm, I see you have Aurora/Nail again -- that is interesting. Did you follow my first set of instructions as I asked you to? Did VX2Cleaner find anything?

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Launch Notepad, copy & paste the following text from the codebox below, into a blank text file (Starting from @ECHO);

@ECHO OFF
cd\windows
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
exit

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

==

Next:

Please download the trial version of Ewido Anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click on remove.bat.

A window should open and close very quickly --- this is normal.

==

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Close Ewido Anti-malware.

==

Now, reboot back into Normal mode, open the Report.txt file and copy & paste it's content to this thread along with a fresh HijackThis log. :thumbsup:

Edited by Rawe, 02 March 2006 - 09:46 AM.

Hi there, stranger!

#7 Rickshaw Driver

Rickshaw Driver
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:50 PM

Posted 02 March 2006 - 09:30 AM

I did follow the first instrucations step by step. I had them on the screen of my second computer as I was going through them on the infected computer. VX2Cleaner did find something and cleared everything on the scan. On the second scan with AdAware there was nothing found. I am downloading the Ewido now and will post the results in a little bit.

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:50 AM

Posted 02 March 2006 - 09:45 AM

Did you remember to run VX2Cleaner again after reboot?? :thumbsup:
Hi there, stranger!

#9 Rickshaw Driver

Rickshaw Driver
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:50 PM

Posted 02 March 2006 - 10:05 AM

Ah, ok so maybe I screwed it up. I ran it, it asked me to reboot, I reboot, scanned it cleaned, then I did a reboot and scanned and it came out clean. Should I have run the vx2 addon again after the second reboot? I misunderstood if so, I'm sorry.

#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:50 AM

Posted 02 March 2006 - 10:23 AM

That's fine -- no other scans with VX2Cleaner necessary. Please follow the current set. :thumbsup:
Hi there, stranger!

#11 Rickshaw Driver

Rickshaw Driver
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:50 PM

Posted 02 March 2006 - 11:00 AM

Ediwo found 501 infected files. Here is the report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:42:23 AM, 3/2/2006
+ Report-Checksum: 37BA90E7

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{392BAF48-A26A-45B5-9263-97128E429268} -> Adware.AdBlaster : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{279A1B41-6CAC-4ABF-B39C-72C8E489F685} -> Adware.AdBlaster : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Adware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-3357401849-1170056648-424186827-500\Software\aurora -> Adware.BetterInternet : Cleaned with backup
[748] C:\WINDOWS\System32\dpfqxs.exe -> Trojan.Agent.ay : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@shop.bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Annie Bananie!!\Cookies\annie bananie!!@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Program Files\Jalmp\jalmp.dll -> Adware.Suggestor : Cleaned with backup
C:\Program Files\rdso\eetu.exe -> Downloader.PurityScan.be : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\RECYCLER\NPROTECT\00056999.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057000.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057002.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057003.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057005.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057006.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057008.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057009.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057010.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057011.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057012.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057013.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057014.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057015.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057016.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057017.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057018.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057019.TXT -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\NPROTECT\00057020.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057021.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057030.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057032.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057033.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057035.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057036.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057037.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057038.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057039.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057040.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057041.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057043.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057044.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057045.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057047.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057048.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057050.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057051.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057053.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057054.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057055.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057056.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057058.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057059.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057060.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057062.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057063.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057064.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057066.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057067.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057069.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057070.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057072.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057073.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057075.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057076.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057078.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057079.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057081.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057082.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057084.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057085.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057087.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057088.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057090.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057091.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057092.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057093.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057094.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057095.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057096.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057097.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057098.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057099.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057100.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00057101.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057102.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057103.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057104.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057105.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057106.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057107.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057108.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057109.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057110.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057111.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057112.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057113.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057114.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057115.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057116.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057117.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057118.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057119.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057120.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057121.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057131.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057132.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057134.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057135.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057137.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057138.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057140.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057141.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057143.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057144.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057146.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057147.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057149.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057150.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057152.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057153.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057155.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057156.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057158.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057159.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057161.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057162.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057164.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057165.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057167.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057168.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057170.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057171.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057173.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057174.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057176.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057177.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057179.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057180.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057181.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057182.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057183.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057184.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057185.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057186.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057187.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057188.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057189.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057190.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057191.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057192.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057193.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057194.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057195.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057196.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057197.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057198.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057199.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057200.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057201.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057202.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057203.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057204.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057205.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057206.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057207.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057209.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057210.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057211.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057212.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057213.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057214.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057215.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057216.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057217.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057218.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057219.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057220.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057221.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057231.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057232.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057234.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057235.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057237.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057238.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057240.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057241.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057243.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057244.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057246.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057247.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057249.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057250.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057252.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057253.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057255.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057256.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057258.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057259.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057261.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057262.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057264.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057265.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057267.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057268.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057270.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057271.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057273.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057274.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057276.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057277.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057279.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057280.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057281.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057282.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057283.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057293.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057294.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057296.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057297.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057299.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057300.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057302.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057303.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057305.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057306.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057308.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057309.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057311.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057312.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057314.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057315.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057317.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057318.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057320.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057321.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057322.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057323.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057324.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057326.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057327.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057329.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057330.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057332.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057333.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057335.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057336.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057338.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057339.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057341.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057342.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057344.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057345.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057346.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057347.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057348.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057349.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057350.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057351.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057352.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057353.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057354.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057364.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057365.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057367.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057368.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057370.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057371.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057373.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057374.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057376.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057377.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057379.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057380.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057382.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057383.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057385.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057386.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057388.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057389.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057391.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057392.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057394.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057395.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057397.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057398.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057400.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057401.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057403.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057404.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057406.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057407.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057409.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057410.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057412.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057413.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057414.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057415.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057416.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057417.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057418.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057419.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057420.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057421.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057422.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057423.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057424.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00057425.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057426.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057427.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057428.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057438.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057439.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057441.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057442.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057444.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057445.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057447.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057448.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057450.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057451.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057453.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057454.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057456.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057457.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057459.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057460.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057462.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057463.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057465.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057466.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057468.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057469.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057471.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057472.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057474.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057475.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057477.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057478.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057480.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057481.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057483.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057484.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057486.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057487.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057488.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057489.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057490.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057500.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057501.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057503.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057504.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057506.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057507.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057509.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057510.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057512.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057513.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057515.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057516.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057518.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057519.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057521.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057522.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057524.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057525.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057527.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057528.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057530.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057531.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057533.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057534.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057536.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057537.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057539.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057540.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057542.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057543.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057545.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057546.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057548.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057549.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057550.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057551.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057552.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057553.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057554.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057555.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057556.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057557.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057558.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057559.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057560.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057561.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057562.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057563.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057564.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057565.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057574.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057575.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057577.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057578.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057579.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00057580.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057581.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00057582.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00057584.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00057585.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00057586.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057587.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00057588.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00057589.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057591.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057592.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057594.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057595.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057597.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057598.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057600.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057601.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057603.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057604.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057605.TXT -> TrackingCookie.Valueclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00057607.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057608.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057610.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057611.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057613.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057614.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057616.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057617.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057619.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057620.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057622.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057623.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057625.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057626.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057628.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057629.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057631.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057632.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057634.TXT -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\RECYCLER\NPROTECT\00057635.TXT -> TrackingCookie.Cliks : Cleaned with backup
C:\RECYCLER\NPROTECT\00059852.TXT -> TrackingCookie.Addynamix : Cleaned with backup
C:\RECYCLER\NPROTECT\00059853.TXT -> TrackingCookie.Pointroll : Cleaned with backup
C:\RECYCLER\NPROTECT\00059854.TXT -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00059855.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00059856.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00059857.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00059858.TXT -> TrackingCookie.Atdmt : Cleaned with backup
C:\RECYCLER\NPROTECT\00059859.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00059860.TXT -> TrackingCookie.Centrport : Cleaned with backup
C:\RECYCLER\NPROTECT\00059861.TXT -> TrackingCookie.Doubleclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00059862.TXT -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00059864.TXT -> TrackingCookie.Mediaplex : Cleaned with backup
C:\RECYCLER\NPROTECT\00059865.TXT -> TrackingCookie.Questionmarket : Cleaned with backup
C:\RECYCLER\NPROTECT\00059867.TXT -> TrackingCookie.Revenue : Cleaned with backup
C:\RECYCLER\NPROTECT\00059868.TXT -> TrackingCookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00059869.TXT -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\NPROTECT\00059870.TXT -> TrackingCookie.Valuead : Cleaned with backup
C:\RECYCLER\NPROTECT\00059871.TXT -> TrackingCookie.Valueclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00059872.TXT -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM\sngsh35.dll -> Adware.AdBlaster : Cleaned with backup
C:\WINDOWS\SYSTEM32\dpfqxs.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\SYSTEM32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\hpsw.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\SYSTEM32\lwinssap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\m1z5lm1.dll -> Trojan.Kolweb.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\ngkhc.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\ngsh35.dll -> Adware.AdBlaster : Cleaned with backup
C:\WINDOWS\SYSTEM32\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\SYSTEM32\qndsregq.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\qoqeaqp.dll -> Downloader.Qoologic.be : Cleaned with backup
C:\WINDOWS\SYSTEM32\rrdsrego.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rеgsvr32.exe -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\sms_msn.exe -> Adware.AdBlaster : Cleaned with backup
C:\WINDOWS\SYSTEM32\wgse.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\whCC-CLICK.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\SYSTEM32\zwqw -> Worm.Randon : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 9:59:49 AM, on 3/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\rsrmfia.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\twinorag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUME~1/MATTIE~1/LOCALS~1/Temp//promptZango.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [xfnurhii] C:\WINDOWS\System32\osrtce\xfnurhii.exe
O4 - HKLM\..\Run: [ws9f3sO] ipvtoa.exe
O4 - HKLM\..\Run: [wgchsob] C:\WINDOWS\System32\nqeg\wgchsob.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [stratas] xmconfig.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Dpilzs.exe
O4 - HKLM\..\Run: [rncsmc] C:\WINDOWS\System32\rncsmc.exe
O4 - HKLM\..\Run: [rmgmin] C:\WINDOWS\System32\r090405.Stub.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [netdriver] C:\windows\system32\elitegdz32.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2006] winusersystem32.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\

#12 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:50 AM

Posted 02 March 2006 - 12:20 PM

Hi, can you post the entire contents of the new HJT log, please. We'll see if Avenger handles your infections at once -- you have so badly infected PC. :thumbsup:
Hi there, stranger!

#13 Rickshaw Driver

Rickshaw Driver
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:50 PM

Posted 02 March 2006 - 12:38 PM

Hmmm, not sure why it cut off, sorry. Here you go Rawe, thanks. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:06 AM, on 3/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\rsrmfia.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\twinorag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUME~1/MATTIE~1/LOCALS~1/Temp//promptZango.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [xfnurhii] C:\WINDOWS\System32\osrtce\xfnurhii.exe
O4 - HKLM\..\Run: [ws9f3sO] ipvtoa.exe
O4 - HKLM\..\Run: [wgchsob] C:\WINDOWS\System32\nqeg\wgchsob.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [stratas] xmconfig.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Dpilzs.exe
O4 - HKLM\..\Run: [rncsmc] C:\WINDOWS\System32\rncsmc.exe
O4 - HKLM\..\Run: [rmgmin] C:\WINDOWS\System32\r090405.Stub.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [netdriver] C:\windows\system32\elitegdz32.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2006] winusersystem32.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\twinorag.exe FI002
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bzdpeys] C:\WINDOWS\System32\rsrmfia.exe r
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels64.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt yazb
O4 - HKCU\..\Run: [Vuajaq] C:\WINDOWS\System32\r?gsvr32.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinorag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://www.software.topinstalls.com/mep/files/spl/jpg+chm//x.chm::/open.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135801285411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#14 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:50 AM

Posted 02 March 2006 - 01:30 PM

I hope you haven't rebooted yet. :thumbsup:

Please print these instructions out, or write them down, as you can't read them during the fix.

Firstly: go to -> Start -> Control Panel -> Add/Remove programs and uninstall the following entries if present:

ProSiteFinder
Jalmp
rdso
TBONAS
BestOffers


And anything else totally random.

Next..

==

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Removeservice.bat. to your desktop.

@echo off
sc stop SvcProc
sc delete SvcProc


Double-click on Removeservice.bat. A window will pop up and close. This is normal.

==

Finally:

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract Avenger.exe to your desktop.
2. Copy all the text in bold contained in the quotebox below to a blank notepad file:

Files to delete:
C:\WINDOWS\Nail.exe
C:\WINDOWS\dsr.dll
C:\WINDOWS\System32\ngkhc.dll
C:\WINDOWS\dinst.exe
C:\WINDOWS\System32\Dpilzs.exe
C:\WINDOWS\System32\rncsmc.exe
C:\WINDOWS\System32\r090405.Stub.exe
C:\windows\system32\elitegdz32.exe
C:\WINDOWS\System32\medgs1.exe
C:\WINDOWS\System32\rsrmfia.exe
C:\WINDOWS\System32\kernels64.exe
C:\WINDOWS\System32\r?gsvr32.exe
C:\WINDOWS\SYSTEM32\twinorag.exe
C:\WINDOWS\SYSTEM32\dwdsregt.exe
C:\WINDOWS\svcproc.exe

Folders to delete:
C:\PROGRA~1\Jalmp\
C:\Program Files\ProSiteFinder\
C:\Program Files\rdso\
C:\WINDOWS\System32\osrtce\
C:\WINDOWS\System32\nqeg\
C:\Program Files\TBONAS\
C:\WINDOWS\System32\nsvsvc\


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to the notepad file into this window
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • Restarts your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it briefly opens a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste all the contents of avenger.txt into your reply along with a fresh HJT log by using AddReply. :flowers:
Hi there, stranger!

#15 Rickshaw Driver

Rickshaw Driver
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:10:50 PM

Posted 02 March 2006 - 01:51 PM

I had not restarted the computer yet. :thumbsup: Also, none of those programs showed up in Add/Remove programs.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bswplwla

*******************

Script file located at: \??\C:\Program Files\xjnpqmrb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Nail.exe deleted successfully.
File C:\WINDOWS\dsr.dll deleted successfully.


File C:\WINDOWS\System32\ngkhc.dll not found!
Deletion of file C:\WINDOWS\System32\ngkhc.dll failed!

Could not process line:
C:\WINDOWS\System32\ngkhc.dll
Status: 0xc0000034



File C:\WINDOWS\dinst.exe not found!
Deletion of file C:\WINDOWS\dinst.exe failed!

Could not process line:
C:\WINDOWS\dinst.exe
Status: 0xc0000034



File C:\WINDOWS\System32\Dpilzs.exe not found!
Deletion of file C:\WINDOWS\System32\Dpilzs.exe failed!

Could not process line:
C:\WINDOWS\System32\Dpilzs.exe
Status: 0xc0000034



File C:\WINDOWS\System32\rncsmc.exe not found!
Deletion of file C:\WINDOWS\System32\rncsmc.exe failed!

Could not process line:
C:\WINDOWS\System32\rncsmc.exe
Status: 0xc0000034



File C:\WINDOWS\System32\r090405.Stub.exe not found!
Deletion of file C:\WINDOWS\System32\r090405.Stub.exe failed!

Could not process line:
C:\WINDOWS\System32\r090405.Stub.exe
Status: 0xc0000034



File C:\windows\system32\elitegdz32.exe not found!
Deletion of file C:\windows\system32\elitegdz32.exe failed!

Could not process line:
C:\windows\system32\elitegdz32.exe
Status: 0xc0000034



File C:\WINDOWS\System32\medgs1.exe not found!
Deletion of file C:\WINDOWS\System32\medgs1.exe failed!

Could not process line:
C:\WINDOWS\System32\medgs1.exe
Status: 0xc0000034



File C:\WINDOWS\System32\rsrmfia.exe not found!
Deletion of file C:\WINDOWS\System32\rsrmfia.exe failed!

Could not process line:
C:\WINDOWS\System32\rsrmfia.exe
Status: 0xc0000034



File C:\WINDOWS\System32\kernels64.exe not found!
Deletion of file C:\WINDOWS\System32\kernels64.exe failed!

Could not process line:
C:\WINDOWS\System32\kernels64.exe
Status: 0xc0000034



Could not open file C:\WINDOWS\System32\r?gsvr32.exe for deletion
Deletion of file C:\WINDOWS\System32\r?gsvr32.exe failed!

Could not process line:
C:\WINDOWS\System32\r?gsvr32.exe
Status: 0xc0000033

File C:\WINDOWS\SYSTEM32\twinorag.exe deleted successfully.


File C:\WINDOWS\SYSTEM32\dwdsregt.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\dwdsregt.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\dwdsregt.exe
Status: 0xc0000034

File C:\WINDOWS\svcproc.exe deleted successfully.
Folder C:\PROGRA~1\Jalmp deleted successfully.


Folder C:\Program Files\ProSiteFinder not found!
Deletion of folder C:\Program Files\ProSiteFinder failed!

Could not process line:
C:\Program Files\ProSiteFinder
Status: 0xc0000034

Folder C:\Program Files\rdso deleted successfully.
Folder C:\WINDOWS\System32\osrtce deleted successfully.
Folder C:\WINDOWS\System32\nqeg deleted successfully.
Folder C:\Program Files\TBONAS deleted successfully.


Folder C:\WINDOWS\System32\nsvsvc not found!
Deletion of folder C:\WINDOWS\System32\nsvsvc failed!

Could not process line:
C:\WINDOWS\System32\nsvsvc
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 12:50:45 PM, on 3/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\oyykwo.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Avenger\twinorag.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUME~1/MATTIE~1/LOCALS~1/Temp//promptZango.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {415F1F5C-A194-A06A-92DF-858ADBABA9B9} - C:\WINDOWS\System32\ngkhc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [xfnurhii] C:\WINDOWS\System32\osrtce\xfnurhii.exe
O4 - HKLM\..\Run: [ws9f3sO] ipvtoa.exe
O4 - HKLM\..\Run: [wgchsob] C:\WINDOWS\System32\nqeg\wgchsob.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [stratas] xmconfig.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Dpilzs.exe
O4 - HKLM\..\Run: [rncsmc] C:\WINDOWS\System32\rncsmc.exe
O4 - HKLM\..\Run: [rmgmin] C:\WINDOWS\System32\r090405.Stub.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [netdriver] C:\windows\system32\elitegdz32.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2006] winusersystem32.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\Avenger\twinorag.exe FI002
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cgvxjg] C:\WINDOWS\System32\oyykwo.exe r
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels64.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt yazb
O4 - HKCU\..\Run: [Vuajaq] C:\WINDOWS\System32\r?gsvr32.exe
O4 - Startup: Zeno.lnk = C:\Avenger\twinorag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://www.software.topinstalls.com/mep/files/spl/jpg+chm//x.chm::/open.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135801285411
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users