Two files I just can't get rid of (kennyg123)[appears resolved]

kennyg123 Ohio
edited July 2006 in Spyware & Virus Removal
Hello!

I've got these two files on my computer that I just can't get rid of. Every time my computer does an anti-virus scan/adaware scan, these two files will pop up, but won't be deleted. Any help or advice on how to rid myself of these would be greatly appreciated. Also my computer seems to be running a little bit slower than usual, don't know if these two files could be the problem with that.

Here are the names of the two files giving me trouble:
C:\WINDOWS\system32\rpgqnc.exe
C:\WINDOWS\system32\vryppc.exe

Here's also a HijackThis! log if that can help me out.

Logfile of HijackThis v1.99.1
Scan saved at 2:03:54 AM, on 7/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Owner\MYDOCU~1\Kenny\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 68.73.184.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Thanks to anyone who can give any advice on how to fix this! :D

Comments

  • Trogan London, UK
    edited July 2006
    Hi kennyg123,

    Can you do the following:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\rpgqnc.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Do the same for the following file:
    C:\WINDOWS\system32\vryppc.exe
  • kennyg123 Ohio
    edited July 2006
    Hello!

    Thanks for the response. When I entered the files into the site, this is all it told me.

    The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

    Not sure if that helps or not. :/
  • Trogan London, UK
    edited July 2006
    Do you recognise this program?
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe

    Can you have these two files scanned here: www.virustotal.com
    C:\WINDOWS\system32\rpgqnc.exe
    C:\WINDOWS\system32\vryppc.exe

    If so, please post the results.

    Let me know how it goes. :)
  • kennyg123 Ohio
    edited July 2006
    Hello!

    Thanks for the quick feedback!

    Here's my results:

    Complete scanning result of "rpgqnc.exe", received in VirusTotal at 07.22.2006, 04:16:44 (CET).

    Antivirus Version Update Result
    AntiVir n - no virus found
    Authentium n - no virus found
    Avast n - no virus found
    AVG n - no virus found
    BitDefender n - no virus found
    CAT-QuickHeal n - no virus found
    ClamAV n - no virus found
    DrWeb n - no virus found
    eTrust-InoculateIT n - no virus found
    eTrust-Vet n - no virus found
    Ewido n - no virus found
    Fortinet n - no virus found
    F-Prot n - no virus found
    F-Prot4 n - no virus found
    Ikarus n - no virus found
    Kaspersky n - no virus found
    McAfee n - no virus found
    Microsoft n - no virus found
    NOD32v2 n - no virus found
    Norman n - no virus found
    Panda n - no virus found
    Sophos n - no virus found
    Symantec n - no virus found
    TheHacker n - no virus found
    UNA n - no virus found
    VBA32 n - no virus found
    VirusBuster n - no virus found

    Complete scanning result of "vryppc.exe", received in VirusTotal at 07.22.2006, 04:18:50 (CET).

    Antivirus Version Update Result
    AntiVir n - no virus found
    Authentium n - no virus found
    Avast n - no virus found
    AVG n - no virus found
    BitDefender n - no virus found
    CAT-QuickHeal n - no virus found
    ClamAV n - no virus found
    DrWeb n - no virus found
    eTrust-InoculateIT n - no virus found
    eTrust-Vet n - no virus found
    Ewido n - no virus found
    Fortinet n - no virus found
    F-Prot n - no virus found
    F-Prot4 n - no virus found
    Ikarus n - no virus found
    Kaspersky n - no virus found
    McAfee n - no virus found
    Microsoft n - no virus found
    NOD32v2 n - no virus found
    Norman n - no virus found
    Panda n - no virus found
    Sophos n - no virus found
    Symantec n - no virus found
    TheHacker n - no virus found
    UNA n - no virus found
    VBA32 n - no virus found
    VirusBuster n - no virus found
  • kennyg123 Ohio
    edited July 2006
    Do you recognise this program?
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe

    I think that might be my mouse program, not 100% sure on that one.
  • Trogan London, UK
    edited July 2006
    I'm surprised the scans came back clean. I don't think they are legit as I do not have them on my pc. Can you do the following please:

    1. Go to both the files in question
    2. For both files, right click and then go to Properties.
    3. Then go to the Version tab to see what company name it's from.
    4. Tell me what is written or if it is blank.
  • kennyg123 Ohio
    edited July 2006
    Well, I tried what you said in Properties, and there wasn't a version tab to click on. I looked through all the tabs though, and couldn't find a business name, etc.

    But every time I tried to click on it, my anti-virus kept giving me warnings.

    So either my anti-virus is wrong, or these two files are fishy.

    By the way, thanks a bunch for the quick responses and help :)
  • Trogan London, UK
    edited July 2006
    No problem! What is Trend Micro warning?

    I do believe the files are not legit, so I'm thinking of destroying them. :D
  • kennyg123 Ohio
    edited July 2006
    Here's what Trend-Micro is warning me with every time these files are scanned:


    Trend Micro PC-cillin Internet Security Notification

    Real-time Scan
    Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified.

    Infected file: C:\WINDOWS\system32\vryppc.exe
    Virus name: ADW_ADSTART.D
    User name: Owner
    Scan action result: Denied Access.

    Note: If Search for and clean Trojans is enabled and is executed after scanning, you can click Next to view final scan result information.

    Hope this helps :)
  • Trogan London, UK
    edited July 2006
    OK! It's late here and I've got to go. I'll check back later but for now, can you do the following:

    Please download Ewido to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install Ewido by double clicking the installer.
    • Follow the prompts. Make sure that Launch Ewido is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update succesfull message.
        Note: If the Update now option is grayed out, follow the steps below.
        • Click on Update on the toolbar.
        • Under Manual update, click on the Start Update button.
        • Wait until you see the Update succesfull message.
    • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    Ewido manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode, and post a new HJT log, along with the Ewido log.
  • kennyg123 Ohio
    edited July 2006
    Hello!

    Well I did everything according to what you said, and let me just say I think ewido is amazing! I think I may purchase it, definitely seems worth it.

    Anywho, here's my ewido log:


    ewido anti-spyware - Scan Report

    + Created at: 1:00:34 AM 7/22/2006

    + Scan result:



    C:\WINDOWS\system32\rpgqnc.exe -> Adware.Adstart : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\rpgqnf.exe -> Adware.Adstart : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vryppc.exe -> Adware.Adstart : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vryppf.exe -> Adware.Adstart : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AdultBar.AdultBar -> Adware.Adultlinks : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AdultBar.AdultBar.1 -> Adware.Adultlinks : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AdultBar.AdultBar\CLSID -> Adware.Adultlinks : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AdultBar.AdultBar\CurVer -> Adware.Adultlinks : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AdultSearch.AdultSearch -> Adware.Adultlinks : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AdultSearch.AdultSearch.1 -> Adware.Adultlinks : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AdultSearch.AdultSearch\CLSID -> Adware.Adultlinks : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AdultSearch.AdultSearch\CurVer -> Adware.Adultlinks : Cleaned with backup (quarantined).
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\BO2802040113.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mbbi8016.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\BO2802040128.exe -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
    C:\WINDOWS\msoffice.ini:ikxve -> Downloader.Agent.al : Cleaned with backup (quarantined).
    C:\WINDOWS\DtcInstall.log:aqxka -> Downloader.Agent.an : Cleaned with backup (quarantined).
    C:\WINDOWS\fiz2:vrzvl -> Downloader.Agent.an : Cleaned with backup (quarantined).
    C:\WINDOWS\hpbvspst.his:ejnnl -> Downloader.Agent.an : Cleaned with backup (quarantined).
    C:\WINDOWS\orun32.isu:hvfxp -> Downloader.Agent.an : Cleaned with backup (quarantined).
    C:\WINDOWS\setuperr.log:uktfg -> Downloader.Agent.an : Cleaned with backup (quarantined).
    C:\WINDOWS\FaxSetup.log:fctgq -> Downloader.Agent.ap : Cleaned with backup (quarantined).
    C:\WINDOWS\QUICKEN.INI:adgjp -> Downloader.Agent.ap : Cleaned with backup (quarantined).
    C:\WINDOWS\$NtUninstallKB896358$\hh.exe:jbuni -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\$NtUninstallKB896358$\hh.exe:ncvvw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Blue Lace 16.bmp:ayyrz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Blue Lace 16.bmp:uawoj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\COM+.log:iciqi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\COM+.log:tmedn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Coffee Bean.bmp:rhjdc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Coffee Bean.bmp:uieun -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Coffee Bean.bmp:xeajj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Coffee Bean.bmp:ypqqa -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\DHCPUPG.LOG:djbly -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\DHCPUPG.LOG:mpblt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\DirectX.log:hhauy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\EReg104.dat:hkvqf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\EReg104.dat:korit -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\FaxSetup.log:ifxtg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\FaxSetup.log:njosu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\FeatherTexture.bmp:zkymc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Gone Fishing.bmp:dsiwg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Gone Fishing.bmp:ikqcl -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Gone Fishing.bmp:rnwyv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Greenstone.bmp:djcqu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Greenstone.bmp:yichn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\IE4 Error Log.txt:mgpty -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\INI1=No:lihzg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\IsUninst.exe:ybpys -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\KB823980.log:cwgbl -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\KB823980.log:nhbir -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\KB828035.log:xemve -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ODBC.INI:eljnn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ODBC.INI:kbarp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ODBC.INI:wyamm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ODBC.INI:xdaog -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\OEWABLog.txt:cbswj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\OEWABLog.txt:qetuj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Q331958.log:hcnev -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Q331958.log:porgf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Q331958.log:qocuf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Q331958.log:uumfk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Q810243.log:qfghj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\REGLOCS.OLD:iljbx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\REGLOCS.OLD:kbveg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Rhododendron.bmp:chiof -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Rhododendron.bmp:epgds -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\River Sumida.bmp:cithu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\River Sumida.bmp:vatth -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Santa Fe Stucco.bmp:rgrli -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Santa Fe Stucco.bmp:yahmj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Santa Fe Stucco.bmp:ynfch -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\SchedLgU.Txt:uadmo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Soap Bubbles.bmp:aaenx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Soap Bubbles.bmp:emchg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Sti_Trace.log:sgazh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\TASKMAN.EXE:xbilm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\UPGRADE.TXT:xtpal -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\WINNT32.LOG:nvjrd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\WINNT32.LOG:tnewh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\WMSysPrx.prx:mkvop -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Winamp.ini:cqmhx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Winamp.ini:gjymh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Winamp.ini:gvsti -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Windows Update.log:uremr -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Windows Update.log:ywkyk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\WindowsUpdate.log:lgikc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\WindowsUpdate.log:taobn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\WindowsUpdate.log:zangx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Zapotec.bmp:eqqzr -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Zapotec.bmp:prayj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\_default.pif:aktxf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\_default.pif:odkrm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\aolback.exe.lnk:whxsj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\aolback.exe.lnk:zwzpz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\appcn32.dll:rouus -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_DAVE+MATTHEWS+%26+FRIENDS+MP3&673.xml:huwbc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_DAVE+MATTHEWS+%26+FRIENDS+MP3&673.xml:oylpf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_DAVE+MATTHEWS+AND+FRIENDS+MP3&812.xml:adioc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_DAVE+MATTHEWS+AND+FRIENDS+MP3&812.xml:xbhtn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_FLAVOR+CUM&903.xml:zlldr -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_MAKE+STOMACH+STRONGER&53.xml:furdv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_MAKE+STOMACH+STRONGER&53.xml:pbrhp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_MAKE+STOMACH+STRONGER&53.xml:tdscw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_MARTIAN+LUTHER+%28REFORMATION%29&936.xml:hpzqs -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_MARTIAN+LUTHER+%28REFORMATION%29&936.xml:qhwva -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_NINTENDO+MIDI+MP3&338.xml:okems -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_NINTENDO+MIDI+MP3&338.xml:rldqt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_STAYING+FIT+IN+THE+SUMMER&330.xml:iouue -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_TERIOCHI&962.xml:ihpau -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_THE+JUDDS+GRANDPA+TABS&266.xml:glwzu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_THE+JUDDS+GRANDPA+TABS&266.xml:lshue -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_THE+JUDDS+GRANDPA+TABS&266.xml:pckjk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_THE+JUDDS+GRANDPA+TABS&956.xml:corfk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_THE+JUDDS+GRANDPA+TABS&956.xml:uxnrp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_THE+JUDDS+GRANDPA+TABS&956.xml:yxrfe -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_WORKOUT+ROUTINES&443.xml:dtazh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\bootstat.dat:dascn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\bootstat.dat:kuahq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\bootstat.dat:owubb -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\bootstat.dat:vupxw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\cdplayer.ini:aiawr -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\cdplayer.ini:cbshi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\cdplayer.ini:narlz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\comsetup.log:nyabh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\comsetup.log:vlkol -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\control.ini:ejxai -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\control.ini:gezbc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\control.ini:qfkod -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\control.ini:qqieu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\crsx.dll:bbvjt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\crsx.dll:dommo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\crsx.dll:gzxwp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\crsx.dll:ozucf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\crsx.dll:vsiox -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\d3dx.dat:uiemr -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\dasetup.log:fjucy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\dasetup.log:liqfe -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\dasetup.log:oqqzt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\desktop.ini:dxxqm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\desktop.ini:fngkz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\desktop.ini:fsowb -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\desktop.ini:vbipy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\dirsaver.ini:gqjev -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\dirsaver.ini:vxpvg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\dirsaver.ini:xoqxb -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\dirsaver.ini:ytgjv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\explorer.exe:fvgdo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\fiz2:gbrev -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\glophone.exe:dshlr -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\gscr.dll:aljpg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\gscr.dll:jnpdp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\hpbvspst.ini:soazv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\hpdj3500.his:ngxfy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\hpdj3500.his:qfwcm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\hpdj3500.ini:clqab -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\hpdj3500.ini:jrscp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\hphmdl11.dat:iypph -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ieur32.dll:jkctr -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ifwb.exe.tmp:dfmre -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ifwb.exe.tmp:jkahk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\iis6.log:ckmht -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\iis6.log:wmggn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\iis6.log:yfjru -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\intuprof.ini:uouzh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\intuprof.ini:ypgmo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\landing.html:kblji -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\landing.html:zdxqp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.dll:hdxmd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.dll:ndvzm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.dll:pzngx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.dll:savwi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.dll:xqqwp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.ini:kzrtv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.ini:zhocu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mm_saver.exe:aevgu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mm_saver.exe:fwbwy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mm_saver.prv:ccjfh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mm_saver.prv:flelh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mm_saver.prv:ntowf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mm_saver.scr:xkazt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mm_saver.scr:yfsjc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\msdfmap.ini:pdtmv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\msgsocm.log:nduye -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mslog.tmp:jgecy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mslog.tmp:ssfhi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\msoffice.ini:eadvk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\msoffice.ini:nhiqv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mxtarget.ini:bvnwg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mxtarget.ini:ogpfe -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mxtarget.ini:picga -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\mxtarget.ini:ztlrq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\nsreg.dat:ezouy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ntdtcsetup.log:bdpat -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ocgen.log:emtkm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ocgen.log:fxuui -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ocgen.log:rrrlz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ocmsn.log:guwax -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ocmsn.log:pvoqx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\orun32.isu:ygxpo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\q329256.log:xcovi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\q329256.log:ydaay -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\regedit.exe:lpnxq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\regopt.log:quyhg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\regopt.log:ucjvi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\regopt.log:xvakp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ring.wav:nonvh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\ringback.wav:mccbc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\sdkcs32.dll:qophj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\sdkcs32.dll:rfhqt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\sdkcs32.dll:xizsl -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\sessmgr.setup.log:nyevs -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\sessmgr.setup.log:yzzuv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\setupact.log:kbggi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\setuperr.log:eaots -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\setuperr.log:kusox -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\setuperr.log:qarhx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\setuplog.txt:dvlup -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\setuplog.txt:iamiv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\smscfg.ini:dvlta -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\smscfg.ini:fiydk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\smscfg.ini:fketi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\smscfg.ini:kokvh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\smscfg.ini:xbzzu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\system.ini:cxxfo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\system.ini:lgkej -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\tmpcpyis.bat:nzatg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\tmpcpyis.bat:vludd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\tmpcpyis.bat:wzplo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\tmpdelis.bat:maart -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\tmpdelis.bat:ouffa -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\tmpdelis.bat:rlacf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\tsoc.log:gzsyi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\tsoc.log:nmnqy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\tsoc.log:tvyac -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\twain.dll:fbsxn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\twain.dll:vxqlq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\twain_32.dll:fxrio -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\twain_32.dll:ioivd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\twain_32.dll:kwidj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\twain_32.dll:xkfgj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\twunk_16.exe:eiwxx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\twunk_16.exe:jmadw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\vb.ini:omciv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\vb.ini:qjawc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\vbaddin.ini:atgvz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\vbaddin.ini:tnqvw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\vmmreg32.dll:nwjbk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\voiceglo.ico:bjetm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\voiceglo.ico:irgue -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\wiaservc.log:fknoo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\wiaservc.log:xcnle -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\win.ini:csjqm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winampa.ini:ekqyy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winhelp.exe:ivmul -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winhelp.exe:ktyyg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winhelp.exe:nqsgb -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winhlp32.exe:jgstu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winnt.bmp:elmtw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winnt.bmp:voygh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winnt.bmp:xiebh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winnt.bmp:xxpld -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winnt256.bmp:rxiqm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winstart.bat:dpezx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winstart.bat:opqmk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winstart.bat:qrvrx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winwh.dll:oxplf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\winwh.dll:zootn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\wsdu.log:gfrri -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\wsdu.log:pvkql -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\wsdu.log:yfvgr -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\xpsp1hfm.log:iebhe -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    C:\WINDOWS\Rhododendron.bmp:vbfja -> Downloader.Agent.cd : Cleaned with backup (quarantined).
    C:\WINDOWS\desktop.ini:xjmis -> Downloader.Agent.cd : Cleaned with backup (quarantined).
    C:\WINDOWS\hpdj3500.his:kgkxg -> Downloader.Agent.cd : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.ini:falpu -> Downloader.Agent.cd : Cleaned with backup (quarantined).
    C:\WINDOWS\DirectX.log:pubho -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\FaxSetup.log:qaase -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\Q327979.log:uirzn -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\QUICKEN.INI:ssahj -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\REGLOCS.OLD:xlavx -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\Sti_Trace.log:itiuk -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\appcn32.dll:xjrpk -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_DAVE+MATTHEWS+OH+ACOUSTIC&767.xml:zkgrs -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_MARTIAN+LUTHER+%28REFORMATION%29&936.xml:ugivw -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_MARTIAN+LUTHER+%28REFORMATION%29&936.xml:xigsb -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_NINTENDO+MIDI+MP3&338.xml:yluwd -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_THE+JUDDS+GRANDPA+TABS&911.xml:vbfty -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\b2_t_THE+JUDDS+GRANDPA+TABS&956.xml:qaqqd -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\comsetup.log:wcjvn -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\dmi.ini:mcemk -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\dmi.ini:qkwja -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\gscr.dll:vbdrz -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\hpbvspst.ini:ntqma -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\hpdj3500.ini:ebyjw -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\hphmdl11.dat:fxjak -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\iaxclient.dll:rwwbz -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\iis6.log:hrssz -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.dll:shhjs -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\mfcwg.dll:uorrk -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\msgsocm.log:kfkkk -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\q329256.log:djsgt -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\sdkcs32.dll:bcvsa -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\setupact.log:fbjlk -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\setuplog.txt:ggesk -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\twunk_16.exe:jrskm -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\vmmreg32.dll:bjqwb -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\voiceglo.ico:zcrvw -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    C:\WINDOWS\winstart.bat:anwpb -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
    :mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


    ::Report end




    And followed up with my HijackThis! log:


    Logfile of HijackThis v1.99.1
    Scan saved at 1:13:17 AM, on 7/22/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Owner\MYDOCU~1\Kenny\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 68.73.184.4
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



    Let's hope that ewido solved the problem! :cheers:
    I've said it once, and I'll say it again, thanks for the help! :)
  • kennyg123kennyg123 Ohio
    edited July 2006
    Hello!

    I just did another Ad-Aware scan to see if those two files were gone, and they were...but unfortunately these two new files showed up. :doh:

    I'm not sure if they're the same file or not, but here are the names of them:

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP411\A0039391.exe

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP411\A0039389.exe

    I hope we're close to fixing this!
  • TroganTrogan London, UK
    edited July 2006
    Those files are in your restore points - we'll clean them very soon, but for now can you do the following:

    Download CWShredder - You may need to print this bit of information out as you'll need to close all windows.
    • Go here, click on Download Now on the right and download CWShredder to your desktop.
    • Close all other windows and browsers
    • There should be a file called cwshredder on your desktop - open it
    • Click Fix and then press OK at the prompt
    • Once the scan is complete, exit CWShredder.


    I would like to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button. It will open a Notepad file.
    • Copy & Paste the entire contents of that file in your next post.
  • kennyg123kennyg123 Ohio
    edited July 2006
    Hello!
    Thanks for the feedback, here's my HijackThis! uninstall list.

    Adobe Acrobat 5.0
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Reader 7.0
    AntsDownloader
    AOL Instant Messenger
    AVS AudioUtilities version 2.2.1.30
    Browser MOUSE
    Cakewalk.Pro.Audio.9.03-TcC
    Camera Driver
    dBpowerAMP Music Converter
    dBpowerAMP Real Audio Codec
    dBpowerAMP WMA V9 Codec
    DMVlite
    ewido anti-spyware 4.0
    FINAL FANTASY XI
    FINAL FANTASY XI: Chains of Promathia
    FINAL FANTASY XI: Rise of the Zilart
    FINAL FANTASY XI: Treasures of Aht Urhgan
    Google Toolbar for Internet Explorer
    HijackThis 1.99.1
    hp deskjet 3500
    HP Deskjet printer preloaded drivers
    HP Digital Imaging Album Printing 1.0
    HP Instant Support
    HP Memories Disc
    HP Photosmart printers preloaded drivers
    hp print screen utility
    InetDctr
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    InterVideo WinDVD Player
    iPod for Windows 2005-10-12
    iTunes
    Kaspersky Anti-Virus Web Scanner
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB886906)
    Microsoft Office XP Standard for Students and Teachers
    middle_man
    mm_saver ScreenSaver
    Mozilla Firefox (1.0.7)
    NVIDIA Windows 2000/XP Display Drivers
    OmniPass
    PC-Doctor for Windows
    PlayOnline Viewer and Tetra Master
    Quicken 2003 New User Edition
    QuickTime
    RealOne Player
    RecordNow
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896426)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905495)
    Security Update for Windows XP (KB905749)
    Shockwave
    ShowBiz DVD
    Simple Backup for My Pictures
    Simple Installer - Multilanguage Version
    Smiley Update for AOL Instant Messenger 2.0
    Spybot - Search & Destroy 1.3
    Spyware Doctor 2.1
    SpywareBlaster v3.5.1
    toolkit
    Trend Micro PC-cillin Internet Security 2005
    TrojanHunter 4.0
    Update for Windows XP (KB898461)
    Updates from HP
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Winamp (remove only)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Hotfix - KB828741
    Windows XP Hotfix - KB833987
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB840987
    Windows XP Hotfix - KB841356
    Windows XP Hotfix - KB841533
    Windows XP Hotfix - KB842773
    Windows XP Hotfix - KB871250
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB873376
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889293
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891711
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Hotfix - KB896688
    Windows XP Hotfix - KB896727
    Windows XP Hotfix (SP2) [See q329256 for more information]
    Windows XP Hotfix (SP2) Q327979
    Windows XP Hotfix (SP2) Q329909
    Windows XP Hotfix (SP2) Q331958
    Windows XP Hotfix (SP2) Q811789
    Windows XP Related
    WinZip
    Yahoo! Address AutoComplete
    Yahoo! extras
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar


    :)
  • TroganTrogan London, UK
    edited July 2006
    Uninstall the following from Add/Remove programs.
    Spybot - Search & Destroy 1.3 << this is an older version
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player


    Download Spybot - Search & Destroy 1.4 from here >> http://www.safer-networking.org/en/download/index.html

    Also, download Ad-Aware SE Personal from here >> http://www.download.com/3405-8022-5153545.html?part=dl-ad-aware&subj=dl&tag=top5

    Update both programs, and then run full system scans. Remove everything they find.

    Let me know how you get on, and how the computer is running.
  • kennyg123kennyg123 Ohio
    edited July 2006
    Hello!

    I uninstalled those programs, and downloaded Spybot - Search & Destroy 1.4, I already had Ad-aware SE personal 1.06 on my computer. :)

    After doing a Spybot scan though, these 9 files came up from a Trend-Micro warning:


    C:\WINDOWS\msgsocm.log:nmvia:$DATA
    C:\WINDOWS\intuprof.ini:ltzvf:$DATA
    C:\WINDOWS\DHCPUPG.LOG:hactn:$DATA
    C:\WINDOWS\twunk_32.exe:cmodd:$DATA
    C:\WINDOWS\b2_t_MAKE+STOMACH+STRONGER&53.xml:ywnrl:$DATA
    C:\WINDOWS\Blue Lace 16.bmp:jdvlj:$DATA
    C:\WINDOWS\dasetup.log:emwdi:$DATA
    C:\WINDOWS\Gone Fishing.bmp:ezgha:$DATA
    C:\WINDOWS\mm_saver.exe:xzqwf:$DATA


    I'm not sure if this is good or bad, but I hope you'll know :)
  • kennyg123kennyg123 Ohio
    edited July 2006
    Hello!

    I also just did a ewido scan, here's the report:




    ewido anti-spyware - Scan Report

    + Created at: 12:41:15 AM 7/23/2006

    + Scan result:



    HKU\S-1-5-21-2689838440-1066608501-2883669707-1003\Software\Dvx -> Adware.Delfin : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2689838440-1066608501-2883669707-1003\Software\Bundles -> Adware.SecondThought : Cleaned with backup (quarantined).
    :mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zvh00y0l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


    ::Report end




    The following files also popped up from a Trend-Micro warning:
    C:\WINDOWS\Blue Lace 16.bmp:jdvlj
    C:\WINDOWS\dasetup.log:emwdi
    C:\WINDOWS\Gone Fishing.bmp:ezgha
    C:\WINDOWS\mm_saver.exe:xzqwf



    I figured posting this might help :)
  • TroganTrogan London, UK
    edited July 2006
    Not sure what they are, although they look a bit strange. Upload them to Jotti and post the results here please.

    C:\WINDOWS\msgsocm.log
    C:\WINDOWS\intuprof.ini
    C:\WINDOWS\DHCPUPG.LOG
    C:\WINDOWS\twunk_32.exe
    C:\WINDOWS\b2_t_MAKE+STOMACH+STRONGER&53.xml
    C:\WINDOWS\Blue Lace 16.bmp
    C:\WINDOWS\dasetup.log
    C:\WINDOWS\Gone Fishing.bmp
    C:\WINDOWS\mm_saver.exe
  • kennyg123kennyg123 Ohio
    edited July 2006
    Hello!

    Here's the feedback from Jotti!

    File: msgsocm.log
    Status: OK
    MD5: be8f564b75d598642c1bbc7fd5132e10
    Packers detected: -
    Scanner results:
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    UNA: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing



    File: intuprof.ini
    Status: OK
    MD5: ed333bcb7ce6ecc2f272678bffdb3e7e
    Packers detected: -
    Scanner results:
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    UNA: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing




    File: DHCPUPG.LOG
    Status: OK
    MD5: 17ae9dda3ae5c0bd1538d0950b6f8091
    Packers detected: -
    Scanner results:
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    UNA: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing




    File: twunk_32.exe
    Status: OK
    MD5: a68224457dd43d18e40e02262d4a9398
    Packers detected: -
    Scanner results:
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    UNA: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing




    File: b2_t_MAKE+STOMACH+STRONGER&53.xml
    Status: OK
    MD5: e18dd6caca7b13a8f555266eef624d57
    Packers detected: -
    Scanner results:
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    UNA: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing



    File: Blue_Lace_16.bmp
    Status: OK
    MD5: dac71a10a6a71cb6e3f427ae3283734b
    Packers detected: -
    Scanner results:
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    UNA: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing



    File: dasetup.log
    Status: OK
    MD5: d0efe35000abebdf93df955e9e831278
    Packers detected: -
    Scanner results:
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    UNA: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing




    File: Gone_Fishing.bmp
    Status: OK
    MD5: 203ef178bf8b0a8ec34e27e4dedb6349
    Packers detected: -
    Scanner results:
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    UNA: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing



    File: mm_saver.exe
    Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
    MD5: 1e9e970c3b1093171bb7822a3c78cbe4
    Packers detected: SWF2EXE
    Scanner results:
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    UNA: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing

    :)
  • TroganTrogan London, UK
    edited July 2006
    All the files seem clean, but this one is still suspicious.

    C:\WINDOWS\mm_saver.exe

    As before, can you go to the file's properties and under version tell me what company it is from or if it's blank?
  • kennyg123kennyg123 Ohio
    edited July 2006
    Hello!

    Here's what I found:

    Copyright © 1996-2000 Macromedia, Inc.

    :)
  • kennyg123kennyg123 Ohio
    edited July 2006
    By the way, this little sucker keeps randomly popping up on my Trend-Micro warning:

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP411\A0039389.exe

    :)
  • TroganTrogan London, UK
    edited July 2006
    The other files seem clean.

    Trend-Micro is warning about files in the system restore. Do the following to clean them out.
    • Click Start | Help and Support | Undo changes to your computer with System Restore.
    • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
    • Close the Help and Support Center box.
    • Click Start | Run and type Cleanmgr
    • Select (C:) then click OK.
    • Click the More Options tab.
    • Click Clean Up in the System Restore Section.
    This will remove all previous restore points except the newly created one.


    Let me know how your computer is. :)
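
Added example, not part of the thread: the warning paths posted above fall into three kinds, System Restore copies under `_restore{...}\RPnnn` (the restore-point files cleaned in the post above), NTFS named streams written as `file:stream:$DATA` (the earlier Trend-Micro warnings), and ordinary files. The Python sketch below sorts them; the function names are hypothetical and the sample list is copied from the posts.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Paths copied from the Ad-Aware / Trend-Micro warnings quoted in this thread.
REPORTED = [
    r"C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP411\A0039391.exe",
    r"C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP411\A0039389.exe",
    r"C:\WINDOWS\msgsocm.log:nmvia:$DATA",
    r"C:\WINDOWS\twunk_32.exe:cmodd:$DATA",
    r"C:\WINDOWS\b2_t_MAKE+STOMACH+STRONGER&53.xml:ywnrl:$DATA",
    r"C:\WINDOWS\Blue Lace 16.bmp:jdvlj:$DATA",
    r"C:\WINDOWS\Blue Lace 16.bmp:jdvlj",      # same stream, reported without the type
    r"C:\WINDOWS\mm_saver.exe:xzqwf:$DATA",
    r"C:\WINDOWS\mm_saver.exe:xzqwf",
    r"C:\WINDOWS\mm_saver.exe",                # the host file itself
]


class Finding(NamedTuple):
    kind: str                     # "restore_point", "named_stream" or "file"
    host: str                     # file on disk that carries the data
    stream: Optional[str]         # NTFS stream name, None for the default stream
    restore_point: Optional[str]  # e.g. "RP411" for System Restore copies


_RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\(RP\d+)\\", re.I)


def split_stream(path):
    """Split 'X:\\dir\\file[:stream[:$TYPE]]' into (host, stream, type).

    ':' is not allowed inside an NTFS file name, so any colon after the
    drive letter separates the file from a stream name and stream type.
    """
    m = re.match(r"[A-Za-z]:(?=\\)", path)
    drive = m.group(0) if m else ""
    parts = path[len(drive):].split(":")
    if len(parts) > 3 or "\\" in ":".join(parts[1:]):
        raise ValueError("not a file[:stream[:type]] path: %r" % path)
    host = drive + parts[0]
    stream = parts[1] if len(parts) > 1 and parts[1] else None
    stype = parts[2] if len(parts) == 3 else "$DATA"
    return host, stream, stype


def classify(path):
    host, stream, _stype = split_stream(path)
    m = _RESTORE.search(host)
    if m:
        kind = "restore_point"
    elif stream:
        kind = "named_stream"
    else:
        kind = "file"
    return Finding(kind, host, stream, m.group(1) if m else None)


def triage(paths):
    """Group findings by kind, collapsing duplicate reports of one stream."""
    groups = defaultdict(set)
    for p in paths:
        f = classify(p)
        groups[f.kind].add(f)
    return {k: sorted(v, key=lambda f: (f.host.lower(), f.stream or ""))
            for k, v in groups.items()}


if __name__ == "__main__":
    for kind, findings in triage(REPORTED).items():
        print(kind)
        for f in findings:
            print("   ", f.host, f.stream or f.restore_point or "")
```

A browser upload of a host file sends only its unnamed default stream, so an online scan of `mm_saver.exe` describes that stream and not `mm_saver.exe:xzqwf`.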
  • kennyg123kennyg123 Ohio
    edited July 2006
    Hello!

    Thanks a ton for the help! Everything seems to be going smoothly :)

    One last question:

    Anything from my HijackThis! log I can delete? The reason I ask this is because when I reboot or startup my computer it seems to take a lot longer than it used to.

    Here's my HijackThis! log:



    Logfile of HijackThis v1.99.1
    Scan saved at 12:24:59 AM, on 7/25/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\My Documents\Kenny\HijackThis!\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Owner\MYDOCU~1\Kenny\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://register.voiceglo.com/neoblue.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{996FCB71-48BF-4278-9B7D-AE6DCA33E858}: NameServer = 68.73.184.1 68.73.184.4
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



    Thanks for all your time and patience for helping me through this! :)
  • TroganTrogan London, UK
    edited July 2006
    No problem!

    Most of the programs you have don't need to be run at startup. The best way to manage what you want or don't want to load on startup is through MSCONFIG.

    Go to Start > Run > type: msconfig
    Go to the Startup tab
    Go through the list and uncheck what you don't want. (It is safe to uncheck everything, but do not uncheck your AV or Firewall.)
    Click Apply > Close > Reboot.
    Once rebooted, you'll get a message popup. Check the box and press OK.

    I use MSCONFIG to control what starts and what doesn't. It takes 15-20 seconds for Windows to load. :)

    Let me know how you get on.
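
Added example, not part of the thread: the items on the MSCONFIG Startup tab are the `O4` lines of the HijackThis log, so the advice above can be applied to the log directly. This Python sketch parses a subset of the posted `O4` lines and splits them into entries to keep and entries that are optional; the function names are hypothetical, and the `PROTECTED` markers are an assumption naming the two security products that appear in this log.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted above (subset).
LOG = r'''
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
'''

# Assumption: substrings identifying the security products seen in this log.
PROTECTED = ("trend micro", "ewido")


class Entry(NamedTuple):
    source: str    # "HKLM Run", "HKCU Run", "Global Startup", ...
    name: str      # registry value name or shortcut name
    command: str   # command line exactly as logged
    target: str    # the executable or DLL that actually gets loaded


_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Unquoted paths may contain spaces, so cut at the first known extension.
_IMAGE = re.compile(r"(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", re.I)


def target_of(command):
    """Return the image a startup command loads (the DLL for rundll32)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        image, _, rest = cmd[1:].partition('"')
    else:
        m = _IMAGE.match(cmd)
        image = m.group(1) if m else cmd.split()[0]
        rest = cmd[len(image):]
    if image.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        m = _IMAGE.match(rest.strip())
        if m:
            return m.group(1)
    return image


def parse_o4(log):
    """Extract Run-key and Startup-folder entries; other sections are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = _RUN.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries.append(Entry(hive + " " + key, name, cmd, target_of(cmd)))
            continue
        m = _STARTUP.match(line)
        if m:
            folder, name, cmd = m.groups()
            entries.append(Entry(folder, name, cmd, target_of(cmd)))
    return entries


def startup_plan(log):
    """Split startup entries into ones to keep and ones that are optional."""
    plan = {"keep": [], "optional": []}
    for e in parse_o4(log):
        text = (e.name + " " + e.command).lower()
        bucket = "keep" if any(p in text for p in PROTECTED) else "optional"
        plan[bucket].append(e.name)
    return plan


if __name__ == "__main__":
    for bucket, names in startup_plan(LOG).items():
        print(bucket + ":", ", ".join(names))
```

`O23` lines are services, which MSCONFIG lists on its Services tab rather than the Startup tab, so the parser leaves them out.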
This discussion has been closed.