Websearch, popups, Registry Cleaner etc.

Unknown

I have problems with my computer. I already run Ad-aware and Spy-bot and followed your instructions. I also run my McAfee scan and tool for websearch from Semantic, it did not find anything, but there are popups from websearch all the time. I also run tool for IEplug. Here are my logs:

Symantec Adware.IEPlugin Removal Tool 1.0.5

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O68A6S82\spacer[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Comcast High-Speed Internet Install Wizard\selfprov\images\pixelclear.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\01M3W52B\26Mytoken%3D20050612090409%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIeqj7PSbVnwAEEIlmRlkT5xbEkL%252F8%252BVDjEGsEELk9%252Fq4fhuQ09tQbry%252BZrOo%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\01M3W52B\CA6BIVMT.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\01M3W52B\CAWXEZS5.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H678DMF\CAHWKBH9.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H678DMF\CAZRL14Q.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\0H678DMF\pixy[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\0L2JOLAB\1x1[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\0L2JOLAB\CAPCW3XT.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\0L2JOLAB\dotclear[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\0L2JOLAB\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278&Targets=5,353,151,203,99,234,223,393,177,286,297,51,235,225,[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\adstracking[10].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\adstracking[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\adstracking[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\adstracking[4].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\adstracking[5].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\adstracking[6].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\adstracking[7].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\adstracking[8].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\adstracking[9].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\CA5DVRZN.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\CASPCJC3.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\count[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\Type=click&FlightID=376&AdID=601&TargetID=134&Segments=3,7,21,26,36,42,43,48,60,85,86,119,130,133,154,249,296,299&Targets=4,351,151,157,24,222,133,134,252,328,417,12,32&Val[1] (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\1YJL9UK6\Type=click&FlightID=376&AdID=601&TargetID=134&Segments=3,7,21,26,36,42,43,48,60,85,86,119,130,133,154,249,296,299&Targets=4,351,151,157,24,222,133,134,252,328,417,12,32&Val[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\%3D0%26sid%3D0%26cat%3D26%26scat%3D0%26sub%3D0%26pop%3D%26cpc%3DTrue%26ref%3D81939389352424969696238698928974767823768886%26frq%3D%26ccb%3D73826445%26typ%3D2%26src%3Dredir%26url%3D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\1x1[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\2Eyieldmanager%2Ecom%2Fclick%3FAAAAAG8QAAANlwAAawcAAAABAAAAAP8AAP8CFAEABAO2EAAAlgMAAGYPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKTbpEIAAAAA%2C%25c%2C;rid=1191;tid=1;ev=1;dt=1;ac=60;c=537;;nc=1 (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\adstracking[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\adstracking[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\b[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\CA41MVOD.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\CAAB8XI3.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\CAWPMNCP.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\%3D0%26sid%3D0%26cat%3D26%26scat%3D0%26sub%3D0%26pop%3D%26cpc%3DTrue%26ref%3D81939389352424969696238698928974767823768886%26frq%3D%26ccb%3D73826445%26typ%3D2%26src%3Dredir%26url%3D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\adstracking[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\adstracking[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\CA2JODEZ.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\CA3ITO51.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\CAEJG50T.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\CAEVCDWH.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\CAPC0Z5H.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\CAVE2LNV.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\p[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\serv[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\852N41IV\serv[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\89AFCDEZ\CAVUGNRT.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\89AFCDEZ\spacer[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\8T2JSD6Z\CADSWR9P.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\8T2JSD6Z\CATWF6FZ.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\8T2JSD6Z\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278&Targets=5,353,151,203,99,234,223,393,177,286,297,51,235,225,[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\8T2JSD6Z\Type=click&FlightID=717&AdID=1023&TargetID=133&Segments=3,7,21,26,36,42,43,48,60,85,86,119,130,133,154,249&Targets=4,351,151,157,24,222,133,134,252,328,417,12,32&Values=25,[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\9RFJ1LCE\1x1[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\9RFJ1LCE\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\9RFJ1LCE\CAQJOLYP.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\9RFJ1LCE\CASDQ70Z.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\20050604062007%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIXbmDPUTNJzUEEEhqgCHW4VqA0R%252Bus%252BAaPgoEGJtyAufLkIKnuB5BYsVTSkvURojpb%252F1Gqg%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\26Mytoken%3D20050604095742%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIl9HDinkhS1IEECfQG2roW1XBK9Vaza81qzUEGCPAFa7aUhG0YX5yUeRDDC8Gb3H508eBXA%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\993%26Mytoken%3D20050604074159%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIu5KT%252FSCrod0EEIInia85p9UgABet5GvsN%252FgEEOU3PG6k2%252BsHHtA5dD9dSUU%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\adstracking[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\adstracking[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\adstracking[4].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\adstracking[5].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\adstracking[6].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\adstracking[7].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\CAT7PLOI.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\D%3D2833469%26Mytoken%3D20050604111553%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQInPfPD2y9vecEEA2O29Ods6ObJA8XjjD4o3EEEDJQkV0BDj0SYNmsy5bO%252BD4%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\D%3D6094677%26Mytoken%3D20050604203513%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIpjkn3U5s4YoEED34TBbnC7t2smPMO6ZtLMwEECNF8K1Jg%252B2k67PTGSBJ2fg%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\D%3D9412993%26Mytoken%3D20050604074803%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIxHANrFhsLBEEEE8BQSbfoUxRxy8j9cyAxJYEEIK%252BGZjP4m5C9g05AC0TEus%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\n%3D20050604064833%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQI9t2NPbHDceMEEOdSK0nVjK%252FvCjdfqRPkA20EGE68zTjGfidrf4u2d2IfD0K%252FjFUryeFoyQ%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\p[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\token%3D20050604111433%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIDfIHqa90ucMEEFDDa4amK2aMx2ZK4ZFAwSgEGAWlDHkwQJmVQiJOi7XDC7WP%252ByemRNi1Zg%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\Type%3dclick%26FlightID%3d48449%26AdID%3d76499%26TargetID%3d14652%26Segments%3d%26Targets%3d%26Values%3d25,31,43,51,60,72,86,101,110,150,152,198,210,214,529,596,638,695,732[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\AS9G18HP\Type=click&FlightID=1408&AdID=2088&TargetID=393&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278,295,296,299&Targets=5,353,151,203,99,234,223,393,177,286,297[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9AV0HMZ\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9AV0HMZ\D%3D6094677%26Mytoken%3D20050604203513%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIpjkn3U5s4YoEED34TBbnC7t2smPMO6ZtLMwEECNF8K1Jg%252B2k67PTGSBJ2fg%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9AV0HMZ\n%3D20050604203440%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQI25p9Lh8TJ24EEAsaJnAm4OFI4Njw8%252Bigqh8EGGgNyKVCAFRBmp1NxNqBBkFkbY6n45EA%252Bw%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9AV0HMZ\spacer[5].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\C9AV0HMZ\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278&Targets=5,353,151,203,99,234,223,393,177,286,297,51,235,225,[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\1x1[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\8290489%26Mytoken%3D20050606163800%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIxEYEj7loVl8EEKw4V9%252F2RXLbLN1ozy6yOOoEEG93gyHrVrKJHXh5qrL%252F8Nc%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\adstracking[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\adstracking[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\adstracking[4].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\CAJU9WL3.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\CAO5Y3G9.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\CAQJKJTY.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\p[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\serv[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTMV0XAR\clear[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTMV0XAR\clear[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTMV0XAR\spacer[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTMV0XAR\spacer[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTMV0XAR\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,132,133,154,249,278&Targets=353,5,151,203,286,99,297,223,393,177,51,235,225,[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\G5S3X968\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\G5S3X968\adstracking[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\G5S3X968\CAENMJEP.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\G5S3X968\on[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\G5S3X968\p[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\26Mytoken%3D20050604065023%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQINuYniqLWUhsEEBr6cwoscK38saZNYAXIC8sEGCOUsw6BvwFEwlFK0R4i6LqDgMOP1Yz4qg%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\4229483%26Mytoken%3D20050604111223%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIcYdy%252B2CuZ0AEEHZLCWS4wOpAWfczigJJJ4YEEE8nNn8qtKtf3jU4DQ8j%252FNY%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\adstracking[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\adstracking[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\adstracking[4].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\adstracking[5].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\adstracking[6].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\adstracking[7].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\adstracking[8].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\adstracking[9].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\CA6V8XMV.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\CAID83CV.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\CAMZ4LUV.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\CAQNG167.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\n%3D20050530185852%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQI6TW337NTVQoEEMyPxUZbRHZlph53%252BWCSXp8EGOON5KPWhO7LHelfec%252F8yRAovBygIL3YiA%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\n%3D20050604061454%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIp8%252FLi9llW7cEEFvanZS8WcDVu0HgcnJsAKsEGOpBglv1rpUXVvSfWSWc%252BqyeQKR7SC97YQ%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\pixy[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\Type=click&FlightID=713&AdID=1018&TargetID=236&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278,295,296,299&Targets=5,353,151,203,99,234,223,393,177,286,297,[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GAC5GFE9\Type=click&FlightID=717&AdID=1023&TargetID=133&Segments=3,7,21,26,36,42,43,48,60,85,86,119,130,133,154,249,296,299&Targets=4,351,151,157,24,222,133,134,252,328,417,12,32&Va[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLAVWHMB\1x1[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLAVWHMB\CAIVSPA7.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLAVWHMB\CAODIZWH.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLAVWHMB\invisible[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLAVWHMB\n%3D20050604204024%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIuhL3cRKVyqIEEGxJbQ%252B9qmHoXyR%252FP6kEj2sEGGRPOHoA65kTC6uBLTtITW87nLVenizA7Q%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLAVWHMB\spacer[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5AJKX27\9752549%26Mytoken%3D20050607153859%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIuFoWg011M9EEELeS%252FYWbdhKfnw90tW%252FkkEkEENFDd5IBMlKeqMMZjygSb4c%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5AJKX27\endID%3D6094677%26Mytoken%3D20050604203532%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIj3K4Sf5WoAQEEGhVUqwzFOBTuS8WwVnf078EELynk0UyA5lEmgZPWQXRJcc%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5AJKX27\Type=click&FlightID=1008&AdID=1724&TargetID=288&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278,295,296,299&Targets=5,353,151,203,99,234,223,393,177,286,297[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5AJKX27\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278,295&Targets=5,353,151,203,99,234,223,393,177,286,297,51,235,[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5AJKX27\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278,295&Targets=5,353,151,203,99,234,223,393,177,286,297,51,235,[2].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\KNH3MIRH\26Mytoken%3D20050609141240%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIENcLDTprpOgEEOOjZs0Nb7RxdgTeDOfd4UwEGGSdeQKIidTzjKv6m7fzrmiRIjRrtTVgNg%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\KNH3MIRH\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\KNH3MIRH\pixel[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\LOWF1109\CA2RS5OX.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\LOWF1109\endID%3D6094677%26Mytoken%3D20050609134751%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIWW28E0hGCMQEELOPZW3XL4HvqkMJL13qzbYEEHhWFrVajRWHoXroTosfRUY%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\LOWF1109\n%3D20050609134817%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIVxOD%252FDovr60EEB9PtVrybq6bMKGrhh7PrEwEGM4oONi63q3wv5mG8oQHk4z62I%252BLmVsyNg%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\LOWF1109\n%3D20050609135850%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIfzSygBxP%252FKMEEEVgSp7l4az1kuYGEgFIrJMEGIRPYemkjaDiEhG4CvJWnXYHZtsH%252FWENIw%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\OOETIZ76\CA3QHC9V.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\OOETIZ76\dotclear[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDMZKHUF\54%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIdIKUufLLj2AEEPfR%252Bgi0N7ZfDA7Su2hbsrMEGMWJ%252FQMvV%252B%252BleKptKsCsmN%252FbdU7agAdz%252Bg%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDMZKHUF\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDMZKHUF\CA0PIF4L.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDMZKHUF\CAFEH497.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDMZKHUF\CAY7OXA7.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDMZKHUF\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,132,133,154,249,278&Targets=353,5,151,203,393,177,223,99,234,286,297,51,235,[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDMZKHUF\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,132,133,154,249,278&Targets=353,5,151,203,393,177,223,99,234,286,297,51,235,[2].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDMZKHUF\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278&Targets=5,353,151,203,99,234,223,393,177,286,297,51,235,225,[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SHA7G5Q7\CATFBL8O.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SHA7G5Q7\CAYJGXE3.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SHA7G5Q7\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278,295&Targets=5,353,151,203,99,234,223,393,177,286,297,51,235,[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SHA7G5Q7\Type=click&FlightID=1901&AdID=2687&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278,295&Targets=5,353,151,203,99,234,223,393,177,286,297,51,235,[2].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMV0PEN\clear[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMV0PEN\clear[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\STMV0PEN\shim[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\W92V89QJ\20050612090310%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQI0kkA4%252Fj11L4EEAtEJTMoPvOIa0PQwcZXz30EGA5XXDnJRni%252Bif9kcAn5qtKj%252FcJFgUcSpg%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\W92V89QJ\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\W92V89QJ\CATGGNPX.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\W92V89QJ\spacer[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\WLEJODI7\n%3D20050603124620%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIpSRlrJWY7HYEED6SeAYqRbhC14%252BmGEWpVj4EGMDM6x5XoYU0UO%252BZkxum3xy57GMArziFFQ%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT6FOT2R\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT6FOT2R\adstracking[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT6FOT2R\CANMOBV1.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT6FOT2R\CAO5C9W3.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT6FOT2R\CAVRLDHD.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT6FOT2R\n%3D20050605175404%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIPlJkkk2I7KgEEAFEw%252BeQ9%252FjXelHlAhfX8NUEGBqjKi2LTR5P3De3sBfQmmLzBpRmOWjApQ%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\WT6FOT2R\trans[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\YT52VML0\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\YT52VML0\adstracking[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\YT52VML0\CA2R4B3G.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\YT52VML0\CA8L21ZO.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\YT52VML0\D%3D9412993%26Mytoken%3D20050609162216%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQI%252B2StjUEBJgUEEK1DkDDUYObjE2UpVeZx1DkEEMLNko1dOIqy79B3YPGHPu0%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\0603213004%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQI9f0T2IZfpeYEEEh%252FbRBHR0B7mqYaT2aQH%252B4EGPUQeRCzzakWdbODgJw%252BY%252FDDYnc4PpvtUg%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\9112599%26Mytoken%3D20050604111659%26ifid%3DMFoGCSsGAQQBgjdYA6BNMEsGCisGAQQBgjdYAwGgPTA7AgMCAAECAmYDAgIAwAQIrUcee13X2aMEEJ1kQ%252BABCjYkplYN4i9IPW8EEM5o6%252FYxONEqL2rNmCTMA7Y%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\adstracking[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\adstracking[2].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\adstracking[3].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\adstracking[4].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\adstracking[5].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\adstracking[6].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\adstracking[7].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\adstracking[8].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\adstracking[9].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\CAC9YNWH.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\CAH2N1PQ.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\CAP07ENH.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\token%3D20050604064852%26ifid%3DMGIGCSsGAQQBgjdYA6BVMFMGCisGAQQBgjdYAwGgRTBDAgMCAAECAmYDAgIAwAQIWSZ8m44ArHAEECeWG498TQrmkjB058UrDLUEGIzNHayaWGoyH%252FwAZX3yrTHmpjKEYw2TEA%253D%253D (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\Type=click&FlightID=1008&AdID=1724&TargetID=288&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278,295,296,299&Targets=5,353,151,203,99,234,223,393,177,286,297[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZH14BTVV\Type=click&FlightID=1009&AdID=1725&TargetID=286&Segments=4,7,11,23,26,43,48,60,64,85,86,119,130,133,154,249,278,295,296,299&Targets=5,353,151,203,99,234,223,393,177,286,297[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Sonya\Local Settings\Temporary Internet Files\Content.IE5\I1Q31W3S\b[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temporary Internet Files\Content.IE5\I1Q31W3S\CAK1YXLQ.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temporary Internet Files\Content.IE5\I1Q31W3S\CAW5IZ8T.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temporary Internet Files\Content.IE5\JV9LJUDR\CAXCEPXV.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temporary Internet Files\Content.IE5\JV9LJUDR\clear[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temporary Internet Files\Content.IE5\NREPK9HJ\CA8HUBK5.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temporary Internet Files\Content.IE5\NREPK9HJ\CAI3YB2P.gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temporary Internet Files\Content.IE5\RL66Q2U5\clearpixel[1].gif: (deleted)
C:\Documents and Settings\Sonya\Local Settings\Temporary Internet Files\Content.IE5\RL66Q2U5\clear[1].gif: (deleted)
C:\Documents and Settings\Sonya\My Documents\My Music\iTunes\iTunes Music\Beyonce & Sean Paul: (not scanned)
C:\System Volume Information: (not scanned)

registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main: Search Bar (value deleted)
registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main: Use Search Asst (value deleted)
registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components: GeneralFlags (value set to 0x00000004 (4))
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: Search Page (value set to "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch")
registry: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main: Search Page (value set to "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch")
registry: HKEY_USERS\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Internet Explorer\Main: Search Page (value set to "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch")

Adware.IEPlugin has been successfully removed from your computer!

Logfile of HijackThis v1.99.1
Scan saved at 10:32:10 PM, on 12/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sonya\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [04ug0i7k.dll] RUNDLL32.EXE 04ug0i7k.dll,b 242820484
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-RC7P0.exe" /REG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} (Napster download control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4642/mcfscan.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

jenya

Thank you for your help!

Trogan

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\windows\adtech2006.exe
C:\WINDOWS\system32\igps.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
--


Check the following in HJT and click 'Fix Checked' - Close ALL open Browsers first

O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [04ug0i7k.dll] RUNDLL32.EXE 04ug0i7k.dll,b 242820484
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-RC7P0.exe" /REG
--


View hidden files and folders - explained here
--


Find and Delete the following:

C:\windows\adtech2006.exe << this file
C:\WINDOWS\system32\igps.exe << this file
C:\WINDOWS\is-RC7P0.exe << this file
--


Download Ewido Security Suite

• Install ewido security suite
• When installing, under "Additional Options" uncheck..
  • Install background guard
  • Install scan via context menu
• Launch ewido, there should be an icon on your desktop, double-click it.
• You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
• The update will start and a progress bar will show the updates being installed.
  (the status bar at the bottom will display "Update successful")
• Now, scan with it by clicking 'Scanner' on the left and choosing 'Complete System Scan'

--


Post a new HJT log

jenya

Thank you!
I have
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL22.exe
C:\WINDOWS\system32\ctfmon.exe
I also have:
C:\windows\astech2006.exe
I don't have:
C:\WINDOWS\system32\smss.exe

Trogan

What do you mean?


Did you do everything in my previous post? If so, post a new HJT log please.

jenya

Oops, sorry...
I mean, I don't have C:\WINDOWS\system32\igps.exe
To do the following:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
I had to go to Config in HijackThis, right?
The C:\WINDOWS\system32\igps.exe file shows in log, but not in process manager. I went into tools and uncheck to show hidden files....

Here is the log
Logfile of HijackThis v1.99.1
Scan saved at 6:06:26 PM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\adtech2006.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sonya\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [04ug0i7k.dll] RUNDLL32.EXE 04ug0i7k.dll,b 242820484
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} (Napster download control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4642/mcfscan.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

jenya

if I don't see the other file, should I only do the whole thing for
C:\windows\adtech2006.exe?

Trogan

Lets try it again


Please DISABLE McAfee Temporarly as it can interfere with the fix.
--


Check the following in HJT and click 'Fix Checked' - Close ALL open Browsers first

O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [04ug0i7k.dll] RUNDLL32.EXE 04ug0i7k.dll,b 242820484

O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} (Napster download control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab
---


View hidden files and folders - explained here
---


Find and delete the following:

C:\windows\adtech2006.exe << this file
C:\WINDOWS\system32\igps.exe << this file
---


Reboot and post a new HJT log

jenya

I can actually see and check this file on the first window of HijackThis.

jenya

my child will kill me if I kill napster

Trogan

OK....just leave that line.

jenya

When I look for these two files, should I look through search? or with hijack?

jenya

I have ADTECH2006.EXE-15971ADA.pf

Trogan

You can use SEARCH to find the file or use Windows Explorer (Windows Key + E)

Not ALL files will be present so don't be concerned if you don't find them.


Post back if you still need help


Don't forget to post a new HJT log after


EDIT: Delete that file

jenya

doing it
thank you!

jenya

ewido log

---

ewido security suite - Scan report

---

+ Created on: 7:37:17 PM, 12/11/2005
+ Report-Checksum: 967856D4

+ Scan result:

HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6E0ED53C-9908-49ED-B055-7CB31B162577} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{830D3AED-2FA9-454F-B266-D931862BBF34} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C505A6B-124B-4768-8FD3-1A066C839848} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9BCDD51B-4A7B-446C-8452-D32D38004582} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\msbb -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000607D-D204-42C7-8E46-216055BF9918} -> Spyware.TwainTech : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489} -> Spyware.2nsSearch : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{60261C06-81B0-4DE0-9313-E5BA203A64E9} -> Spyware.NauPointBar : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2048788630-1870829006-1353650736-1006\Software\msbb -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@a.tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@e-2dj6wfkyanajgfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@entrepreneur.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@microsofteup.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@sento.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@site.x10[1].txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sonya\Cookies\sonya@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Sonya\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Sonya\Local Settings\Application Data\Wildtangent\Cdacache\00\00\20.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Documents and Settings\Sonya\Local Settings\Temp\Cookies\sonya@a.tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Sonya\Local Settings\Temp\Cookies\sonya@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sonya\Local Settings\Temp\Cookies\sonya@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Sonya\Local Settings\Temp\Cookies\sonya@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Sonya\Local Settings\Temp\Cookies\sonya@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Sonya\Local Settings\Temp\Cookies\sonya@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Sonya\Local Settings\Temp\Cookies\sonya@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Sonya\Local Settings\Temp\Cookies\sonya@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Sonya\Local Settings\Temp\update_1.exe -> Spyware.WinFetcher.c : Cleaned with backup
C:\Program Files\Common Files\uufi\uufid\uufic.dll -> Downloader.Small : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\system32\b3s.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End

websearch popups still come up

jenya

Logfile of HijackThis v1.99.1
Scan saved at 7:40:42 PM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sonya\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} (Napster download control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4642/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Trogan

Your log is clean so there isn't anything malicious.


Have you got a popup blocker? Use SP2 popup blocker or use google's toolbar which is really good. Let me know if you need more help.


Please visit at least two of the following sites for an online virus scan: Post the results of any files that cannot be removed

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

jenya

Wildtangent was not removed

jenya

BitDefender Online Scanner



Scan report generated at: Sun, Dec 11, 2005 - 21:43:09





Scan path: A:\;C:\;D:\;E:\;







Statistics

Time
01:27:39

Files
376939

Folders
3543

Boot Sectors
2

Archives
7402

Packed Files
44621




Results

Identified Viruses
5

Infected Files
8

Suspect Files
4

Warnings
0

Disinfected
0

Deleted Files
12




Engines Info

Virus Definitions
242852

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
39

Unpack plugins
4

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CG3E0K1O\adtech2006[1].exe
Infected with: Trojan.Clicker.VB.A

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CG3E0K1O\adtech2006[1].exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CG3E0K1O\adtech2006[1].exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O68A6S82\inst_0004[1].exe
Suspected of: Trojan.Downloader.Small.Gen

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O68A6S82\inst_0004[1].exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O68A6S82\inst_0004[1].exe
Deleted

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\script[1].htm
Infected with: Exploit.Html.MhtRedir.Gen

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\script[1].htm
Disinfection failed

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XEVC1EN\script[1].htm
Deleted

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\download[1].htm
Infected with: Exploit.Html.Codebase.Exec.Gen

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\download[1].htm
Disinfection failed

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLY701M3\download[1].htm
Deleted

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLAVWHMB\download[1].htm
Infected with: Exploit.Html.Codebase.Exec.Gen

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLAVWHMB\download[1].htm
Disinfection failed

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLAVWHMB\download[1].htm
Deleted

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\KNH3MIRH\download[1].htm
Infected with: Exploit.Html.Codebase.Exec.Gen

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\KNH3MIRH\download[1].htm
Disinfection failed

C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\KNH3MIRH\download[1].htm
Deleted

C:\inst_0004.exe
Suspected of: Trojan.Downloader.Small.Gen

C:\inst_0004.exe
Disinfection failed

C:\inst_0004.exe
Deleted

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Detected with: Adware.Wheaterbug.A

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Disinfection failed

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008
Deleted

C:\Program Files\AIM\Sysfiles\WxBug.EXE
Update failed

C:\System Volume Information\_restore{71B97C12-EC10-4894-8ED5-846F6C84364E}\RP582\A0030232.exe
Infected with: Trojan.Clicker.VB.A

C:\System Volume Information\_restore{71B97C12-EC10-4894-8ED5-846F6C84364E}\RP582\A0030232.exe
Disinfection failed

C:\System Volume Information\_restore{71B97C12-EC10-4894-8ED5-846F6C84364E}\RP582\A0030232.exe
Deleted

C:\System Volume Information\_restore{71B97C12-EC10-4894-8ED5-846F6C84364E}\RP582\A0030235.dll
Infected with: Trojan.Dropper.Small.GV

C:\System Volume Information\_restore{71B97C12-EC10-4894-8ED5-846F6C84364E}\RP582\A0030235.dll
Disinfection failed

C:\System Volume Information\_restore{71B97C12-EC10-4894-8ED5-846F6C84364E}\RP582\A0030235.dll
Deleted

C:\System Volume Information\_restore{71B97C12-EC10-4894-8ED5-846F6C84364E}\RP582\A0030241.exe
Suspected of: Trojan.Downloader.Small.Gen

C:\System Volume Information\_restore{71B97C12-EC10-4894-8ED5-846F6C84364E}\RP582\A0030241.exe
Disinfection failed

C:\System Volume Information\_restore{71B97C12-EC10-4894-8ED5-846F6C84364E}\RP582\A0030241.exe
Deleted

C:\WINDOWS\system32\Macromed\Shockwave 10\Download.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\WINDOWS\system32\Macromed\Shockwave 10\Download.exe
Disinfection failed

C:\WINDOWS\system32\Macromed\Shockwave 10\Download.exe
Deleted

jenya

found
IS-RC7P0.EXE-02235F1B.pf

jenya

:shakehead
Also found
IS-RC7P0.EXE-02235F1B.pf
Thank you for your help

Trogan

You can delete that file


How are things now?

jenya

Hello,
I posted my results. Computer is slow as ever with websearch and Registry Cleaner

jenya

I have this report from Panda (it said that I have 4 viruses :shakehead :shakehead )


Incident Status Location

Adware:adware/sahagent Not disinfected C:\Documents and Settings\Sonya\Local Settings\Temp\bundletracking.asp
Adware:adware/virtualbouncer Not disinfected C:\WINDOWS\SYSTEM32\INNERADINSTALL.LOG
Adware:adware/sqwire Not disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\biini.inf
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload.dat
Adware:adware/popupsandbannersNot disinfected C:\WINDOWS\teller2.chk
Adware:adware/addestroyer Not disinfected C:\Documents and Settings\Sonya\Start Menu\Programs\AdDestroyer
Adware:adware/sidesearch Not disinfected C:\PROGRAM FILES\Lycos
Adware:adware/searchresults Not disinfected C:\PROGRAM FILES\QL
Adware:adware/toprebates Not disinfected C:\PROGRAM FILES\WebSavingsfromEbates
Adware:adware/twain-tech Not disinfected C:\Documents and Settings\Sonya\Local Settings\Temp\THI14A4.tmp
Adware:adware/ncase Not disinfected C:\TEMP\FLEOK
Adware:adware/wintools Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\Web Search Tools
Adware:adware/blazefind Not disinfected Windows Registry
Virus:Trj/Downloader.GRN Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7L3TO967\ltndmain[1].dll
Virus:Trj/Moli.AX Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CG3E0K1O\ltndload[1].dll
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Sonya\Local Settings\Temp\polmx2.inf
Virus:W32/Gaobot.batch Not disinfected C:\Documents and Settings\Sonya\Local Settings\Temp\r.bat
Adware:Adware/SAHAgent Not disinfected C:\Documents and Settings\Sonya\Local Settings\Temp\SahUpdate\xmltok_.dll
Adware:Adware/IST.YourSiteBar Not disinfected C:\Documents and Settings\Sonya\Local Settings\Temp\Temporary Internet Files\Content.IE5\SHA7G5Q7\CA4H2NK1.HTM
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/Transponder Not disinfected C:\WINDOWS\inf\polmx2.inf
Virus:Trj/Moli.AX Not disinfected C:\WINDOWS\system32\04ug0i7k.dll
Adware:Adware/Sqwire Not disinfected C:\WINDOWS\system32\tsuninst.exe

Trogan

Update Ad-Aware, SpyBot and Ewido...don't run any scan yet.
--


Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin.
--


Go into Safe Mode - explained here


When in Safe Mode, scan with Ad-Aware, SpyBot and Ewido.


Reboot back into Normal Mode and scan with Panda Again...post a new HJT log please

jenya

under
C:\Documents and Settings\username\Local Settings\Temp\

there are folders and files
should I delet folders as well, such as Temporary Internet Folders?
also under the C:\Windows\temp folder and C:\temp there are folders. Should I delet them?
Thank you for your help! Happy New Year!

Trogan

Yeah, you can delete everything inside the TEMP folders but don't delete the TEMP themselves.


Happy New Year!