Spysheriff infection along with other spyware

Hello,

And bless you all for having this forum for us to find the help we so desperately need.
I have been using Firefox as a browser for a bit over a year now with no problems. My son is now home from the military and he went online using IE and of course to a porn site. I am now so infested, I believe with multiple infestations. I have run Ad-aware and Spybot (updated both) and then got an HJT file log to post here. Any help would surely be appreciated.

Thank you so very much,
Judy :respect:

P.S. I pray I have done this right. Please forgive me if I have not. Let me know what I need to change, if anything. Thank you again.

Logfile of HijackThis v1.99.0
Scan saved at 9:21:35 AM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\popcorn72.exe
C:\winstall.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\J. McKown\Start Menu\Programs\HJT\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpySheriff\SpySheriff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0DCDBA21-DB11-2AD1-9533-E28FFCB3202C} - dePloy.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [sound64] xxtoolbar.exe
O4 - HKLM\..\Run: [EXE32EXE] Testimonials.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [Narnia ScreenMate] "C:\Program Files\Narnia ScreenMate\Narnia ScreenMate.exe" -r
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [panel_its] WinInitDll.exe
O4 - HKCU\..\Run: [stuffmon] keybdll.exe
O4 - HKCU\..\Run: [FLKPT] DTOURS.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{800F89A7-80B6-44A8-83DC-980C538FFC41}: NameServer = 85.255.114.5,85.255.112.110
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Comments

  • SpywareShooter 127.0.0.1
    edited December 2005
    [STEP 1] Fix HijackThis Entries:
    Fix the following entries with HijackThis by placing checkmarks in the boxes next to them and clicking "Fix Checked".

    R3 - URLSearchHook: (no name) - {0DCDBA21-DB11-2AD1-9533-E28FFCB3202C} - dePloy.dll (file missing)
    O4 - HKLM\..\Run: [sound64] xxtoolbar.exe
    O4 - HKLM\..\Run: [EXE32EXE] Testimonials.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
    O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
    O4 - HKCU\..\Run: [panel_its] WinInitDll.exe
    O4 - HKCU\..\Run: [stuffmon] keybdll.exe
    O4 - HKCU\..\Run: [FLKPT] DTOURS.exe
    O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
    O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{800F89A7-80B6-44A8-83DC-980C538FFC41}: NameServer = 85.255.114.5,85.255.112.110

    [STEP 2] Remove Malicious Files:
    Locate the following files using Windows Explorer (the My Computer icon or shortcut) and delete them from your computer.

    xxtoolbar.exe
    Testimonials.exe
    C:\WINDOWS\system32\popcorn72.exe
    C:\winstall.exe
    WinInitDll.exe
    keybdll.exe
    DTOURS.exe

    [STEP 3] Remove Malicious Folders:
    Locate the following folders using Windows Explorer (the My Computer icon or shortcut) and delete them from your computer.

    C:\Program Files\UnSpyPC\
    C:\Program Files\SpySheriff\

    [STEP 4] Run Additional Tools:
    Your computer is infected with a malicious piece of software known as "WareOut". Removal of this software is much easier with a tool created just for WareOut removal. Please download FixWareout from the link below to your desktop and post the log it gives:

    http://downloads.subratam.org/Fixwareout.exe

    [STEP 5] Report Back to Us:
    Once you have followed all of the steps above please reboot your computer and post a new HijackThis log.
  • edited December 2005
    Thank you for such a quick reply. I printed and followed your instructions.

    Thank you so very much for your quick response. Here is the file I got from FixWareout.
    Check for missing files
    .....
    C:\WINDOWS\system32\AUTOEXEC.NT not there
    .....
    End check for missing files
    .....
    VXD Check
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
    "VDD"=hex(7):00
    .....
    End vxd check
    .....
    please post this at the forum

    this is the new HJT file log

    Logfile of HijackThis v1.99.0
    Scan saved at 12:49:15 PM, on 12/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\popcorn72.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\dial32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Documents and Settings\J. McKown\Start Menu\Programs\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\msblank.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
    O4 - HKCU\..\Run: [Narnia ScreenMate] "C:\Program Files\Narnia ScreenMate\Narnia ScreenMate.exe" -r
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
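
An added example, not part of any post in this thread: one way to check the follow-up log requested in STEP 5 against the STEP 1 fix list and the STEP 2 delete list. The sample strings are short excerpts of lines posted above, and the function names are hypothetical.

```python
import re

# A HijackThis entry line looks like "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def normalise(body):
    """Collapse whitespace and case: Windows paths and registry names are case-insensitive."""
    return " ".join(body.split()).lower()


def parse_entries(log_text):
    """Return (section, normalised body, original line) for every entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), normalise(match.group(2)), line.strip()))
    return entries


def remaining_after_fix(fix_list_text, followup_log_text):
    """Entries that were marked for 'Fix Checked' but still appear in the follow-up log."""
    present = {(sec, body) for sec, body, _ in parse_entries(followup_log_text)}
    return [raw for sec, body, raw in parse_entries(fix_list_text) if (sec, body) in present]


def running_processes(log_text):
    """Paths listed under 'Running processes:' up to the first blank line."""
    procs, in_section = [], False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not stripped:
                break
            procs.append(stripped)
    return procs


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def still_running(delete_list, log_text):
    """Files scheduled for deletion whose file name is still a running process.
    Matching is by file name only, because some list items have no path."""
    running = {basename(p) for p in running_processes(log_text)}
    return [f for f in delete_list if basename(f) in running]


# Excerpt of the STEP 1 fix list (lines copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [sound64] xxtoolbar.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{800F89A7-80B6-44A8-83DC-980C538FFC41}: NameServer = 85.255.114.5,85.255.112.110
"""

# Excerpt of the STEP 2 delete list.
DELETE_LIST = [r"xxtoolbar.exe", r"C:\WINDOWS\system32\popcorn72.exe", r"C:\winstall.exe"]

# Excerpt of the follow-up log saved at 12:49:15 PM (lines copied from the thread).
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\popcorn72.exe
C:\WINDOWS\system32\dial32.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"""

if __name__ == "__main__":
    for line in remaining_after_fix(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", line)
    for path in still_running(DELETE_LIST, FOLLOWUP_LOG):
        print("still running:", path)
```

Run it against the saved log files rather than the forum copy: the forum abbreviates long URLs with `...`, so those `R1` lines would not match exactly.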
  • edited January 2006
    I want to thank you very much for the help you have given me. I was able to get rid of all the constant pop-ups. I still had a problem with the inability to change my desktop image; it was as though it was locked. I did get that fixed this morning after running Ad-aware and Spybot once again. I restarted my computer and noticed I still have one popup to the right of the screen. It has 6 boxes to it; when putting your cursor over any of the boxes you get a drop-down menu. Here are the selections from that drop-down menu from each box. I sure hope you can help me get rid of this.

    XXX Pics&Video

    "Find singles, couple and group action
    Free Adult Chat Room. Meet horny girls
    Live XXX video chat with naked girls
    Girls who want to chat do naughty things
    XXX video and pictures.
    Dirty teens who want to **** now!
    Sex Toys only for over 18 years old
    Young girls waiting for sex with you
    Thousands of sexy member photos "

    "Casino

    Largest online casino. High payout
    Play and chat with live people
    Get welcome $1000 bonus now
    The best casino on the web
    Blackjack, Roulette, Slots and more
    Play for real or for Free. 100% Bonus
    Play poker with thousands of others
    Most popular poker room on the net
    Enjoy all your favorite games!

    Pharmacy

    Link to low cost pills. No hidden fees
    Tramadol no prior prescription needed
    Viagra, free consultation & bonus pills!
    Cialis online for affordable prices
    New Super VIAGRA at half price
    Powerful Diet Drug At Half Price!
    Phentermine is the best diet pills!
    Discount Prices on Cialis
    Order pills without leaving home!

    Spyware

    Instantly detect, remove & prevent
    PC protection in under 2 minutes!
    Rid your computer of spyware/adware
    Search and destroy annoying adware
    Check your computer for dangerous Spyware
    Stop Popups, protect your homepage
    Protect your computer from spy soft
    Remove all viruses from your PC
    Easy detect & uninstall malicious software

    Insurance

    Save big money on insurance!
    Cheap insurance in 3 simple steps
    Get insurance rates and quotes
    Quickly compare rates online. FREE!
    Cheap & affordable auto insurance
    Save time & money. Get quotes now
    Get auto insurance quotes online
    Save money on online car insurance
    Car Insurance: Very Cheap

    Meet Sexy Girls

    XXX photos of real sexy girls
    Millions singles looking for sex
    Adult dating with video chat
    SexDating - girls looking for sex
    Sign up today & get laid tonight!
    Chat with horny girls right now
    Read profiles and chat for free
    No Fees, Free adult dating site
    Meet girls who want to get laid



    I created another HJT log and here it is, if anyone can find what this is and help me to rid my computer of it, I would surely be appreciative. Anything else that should not be on my computer I will be happy to get rid of also. Thank you again for your time and efforts on my behalf.

    Judy :respect:


    Logfile of HijackThis v1.99.0
    Scan saved at 1:57:58 PM, on 1/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\J. McKown\Start Menu\Programs\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Narnia ScreenMate] "C:\Program Files\Narnia ScreenMate\Narnia ScreenMate.exe" -r
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • Crunchie Mandurah. Western Australia. Member
    edited January 2006
    I have merged your threads together. Please respond in this thread only :).

    Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

    Download smitRem.zip and save the file to your desktop.
    Can also be downloaded from here; http://www.downloads.subratam.org/smitRem.exe
    Right click on the file and extract it to its own folder on the desktop.

    Place a shortcut to Panda ActiveScan on your desktop.

    Please download the trial version of Ewido Security Suite here:
    http://www.ewido.net/en/download/

    Please read Ewido Setup Instructions
    Install it, and update the definitions to the newest files. Do NOT run a scan yet.

    If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
    Ad-Aware SE Setup
    Don't run it yet!

    Next, please reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.
    Now scan with HJT and place a checkmark next to each of the following items:

    ===================================================
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    ===================================================

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.

    The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


    Open Ad-aware and do a full scan. Remove all it finds.


    Run Ewido:
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido

    Next, go to Control Panel and click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

    Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
    Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
    Let us know if any problems persist.
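Added example (not part of the thread or of any tool mentioned in it): a small Python parser for HijackThis result lines that compares two scans and checks whether the entries on a fix list are gone from a later scan, treating the "..." in forum-shortened URLs as a wildcard. The sample lines are excerpted from the logs and fix list posted in this thread; the function names are hypothetical.

```python
import re

# A HijackThis result line is "<code> - <body>", where the code is a section
# letter (R, F, N or O) followed by a number, e.g. "R1", "O4", "O23".
# Header lines and the "Running processes" paths do not match and are skipped.
LINE_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_hjt(text):
    """Return the set of (code, body) result entries found in a log."""
    entries = set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added): entries only in the earlier / later scan."""
    b, a = parse_hjt(before), parse_hjt(after)
    return sorted(b - a), sorted(a - b)


def _body_regex(body):
    # Forum software shortens long URLs to "prefix.../suffix"; treat each
    # "..." as "anything" and match every other character literally.
    return re.compile(".*".join(re.escape(part) for part in body.split("...")))


def still_present(fix_list, log):
    """Return the log entries that match an item on the fix list."""
    entries = parse_hjt(log)
    hits = []
    for code, body in parse_hjt(fix_list):
        rx = _body_regex(body)
        hits.extend((c, b) for c, b in entries if c == code and rx.fullmatch(b))
    return sorted(hits)


# Excerpt of the scan saved at 1:57:58 PM on 1/1/2006 (lines copied from the thread).
BEFORE = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
"""

# Excerpt of the scan saved at 8:57:00 PM on 1/1/2006 (lines copied from the thread).
AFTER = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
"""

# Two items from the fix list in the reply above, with the URL as the forum shortened it.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    print("fix-list items still in later scan:", still_present(FIX_LIST, AFTER))
```

An entry appearing under "added" is only a difference between the two scans and still has to be judged by a person; here it is the ewido service installed during the cleanup.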
  • edited January 2006
    Wow, you guys are amazing. Thank you again for such a speedy response. Thank you so much, I no longer have that pop up at startup. I do not use IE for a browser and was unable to get the Panda ActiveScan program as requested. I got a message that my browser was incompatible. I did however do all other steps and here are the log files.

    Logfile of HijackThis v1.99.0
    Scan saved at 8:57:00 PM, on 1/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Documents and Settings\J. McKown\Start Menu\Programs\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Narnia ScreenMate] "C:\Program Files\Narnia ScreenMate\Narnia ScreenMate.exe" -r
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    ewido anti-malware - Scan report

    + Created on: 8:51:08 PM, 1/1/2006
    + Report-Checksum: CC359867

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6C8DBEC0-8052-11d5-A9D5-00500413153C} -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
    HKU\S-1-5-21-2234343254-1250956537-3829951050-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
    HKU\S-1-5-21-2234343254-1250956537-3829951050-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-2234343254-1250956537-3829951050-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-2234343254-1250956537-3829951050-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
    HKU\S-1-5-21-2234343254-1250956537-3829951050-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
    [188] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning
    [212] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning
    [1584] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning
    :mozilla.11:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.118:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.119:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.143:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.144:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
    :mozilla.146:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.163:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.174:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.175:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.176:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.177:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.179:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.208:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.209:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.210:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.211:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.212:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.213:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.214:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.228:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.229:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.360:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    :mozilla.411:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.439:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.440:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.446:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    :mozilla.457:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.460:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.461:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.464:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.478:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.496:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.497:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.498:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.499:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.500:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.501:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.518:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup
    :mozilla.521:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.522:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.523:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.524:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.551:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.552:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.553:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.557:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.564:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.565:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.604:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.605:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.606:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.607:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.608:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.609:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.625:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.626:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.627:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.628:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.629:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.648:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.649:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.650:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.728:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.729:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.730:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.731:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.732:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.736:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.766:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    :mozilla.782:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
    :mozilla.805:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.806:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.807:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.808:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.820:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@cz11.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wfkiqndjagp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wfloqlc5ibo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wfmyslcpwgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wgkyoldpgbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjk4kgdjkgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjk4qlazelp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjkogld5igq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjkoomcpsfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjkougcpwcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjl4qiazaeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjliwgcjieo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjloaoazeeq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjmishajako.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjny-1ndpah.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjnyandzwfo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjnycldpieo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjnyemajkdo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjnyencpkeq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjnyeocpsfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjnyepcpiho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjnygkajeco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjnyunazmdo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@e-2dj6wjnywpajwaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\J. McKown\Cookies\j. mckown@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\J. McKown\Start Menu\Programs\HJT\backups\backup-20050129-101024-899.dll -> Downloader.Agent.bc : Cleaned with backup
    C:\found.000\dir0001.chk\SmileyCentralFWBInitialSetup1.0.0.8-2[1].cab/f3Setup1.exe -> Dropper.FunWeb.a : Cleaned with backup
    C:\ntdetect.hta -> Dropper.Inor.cj : Cleaned with backup
    C:\Program Files\Common Files\lathleln\acflrphl\djdpbplr.exe -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\lathleln\ldaltcchcp\lldnbljej.exe -> Adware.Gator : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000058.dll -> Spyware.SpywareNo : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000059.dll -> Adware.SpySheriff : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000060.exe -> Adware.SpySheriff : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001014.dll -> Adware.SpySheriff : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007629.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007630.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007631.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007632.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007633.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007634.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007635.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007636.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007637.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007638.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007639.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007640.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007641.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007642.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007643.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007644.exe -> Backdoor.Small.dc : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007646.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007647.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007648.DLL -> Spyware.FunWeb : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007649.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007650.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007651.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007652.SCR -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007654.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007655.EXE -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007657.DLL -> Spyware.Wesbar : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007658.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007659.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007660.EXE -> Spyware.Wesbar : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007662.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0007721.exe -> Hijacker.Small : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0007755.exe -> Downloader.Small.bgv : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0007756.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0007814.exe -> Adware.SpySheriff : Cleaned with backup
    C:\WINDOWS\SYSTEM32\dgprpsetup.exe -> Downloader.Small.bgv : Cleaned with backup
    C:\WINDOWS\SYSTEM32\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup
    C:\WINDOWS\SYSTEM32\winctrl32.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
    C:\WINDOWS\SYSTEM32\winctrl64.exe -> Downloader.Small.awa : Cleaned with backup


    ::Report End



    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: Sun 01/01/2006
    The current time is: 19:02:29.20

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Install.dat


    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    logfiles


    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 780 'explorer.exe'

    Starting registry repairs

    Deleting files


    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Miscellaneous Files/folders ~~~




    ~~~ Wininet.dll ~~~

    CLEAN! :)

    It is mind-boggling that it takes so many programs to clean up a system from this stuff. I sure wish I could find just one of the jerks that puts this stuff out there. But I am so very thankful there are wonderful people such as yourself to help folks like myself with these viruses and such. Thank you very much once again. You guys are my heroes.


    Judy
  • Crunchie Mandurah. Western Australia. Member
    edited January 2006
    Congratulations! Your log looks clean - good work!

    ===============

    Now that your PC is clean, you need to follow these easy steps to keep it this way:

    Secure your Internet Explorer by going here and following the instructions there.

    Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or you can get Opera, which in my opinion is better still.

    Use a firewall to help prevent your PC's control being usurped by undesirables. There is a link to a good, free firewall in my signature.

    Install and keep updated, Ad-Aware SE, and Spybot S&D.
    Run them both on a regular basis, following the manufacturer's recommendations.

    Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

    Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


    Clear your Temp folders.
    Clear out your Temporary internet files and other temp files.
    Go to Start > Settings > Control Panel > Internet Options.

    Under the General tab click the Delete temporary internet files,
    delete all Offline content as well. Clear out Cookies.

    Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

    Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

    C:\Documents and Settings\username\Local Settings\Temp\

    In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

    Empty the Recycle Bin.

    For XP users.
    After something like this it is a good idea to Flush the Restore Points and start fresh.
    To flush the XP system Restore Points.

    Go to Start>Run and type msconfig. Press enter.

    When msconfig opens, click the Launch System Restore Button.
    On the next page, click the System Restore Settings link on the left.

    Check the box labelled 'Turn off System restore'.

    Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

    Note that all previous restore points will be lost.

    ===============

    If you have any more problems, post back.

    -

    Happy surfing,

    crunchie.
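The restore-point advice in the post above can be checked against a scan report like the one earlier in this thread. The following is an added example, not part of the original posts: it sorts report lines into tracking cookies, copies held inside System Restore points, and files on the live system. The function names and the three bucket labels are assumptions made for illustration; the sample lines are a small subset copied from the report above.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the scan report earlier in this thread (subset only).
SAMPLE_LOG = r"""
:mozilla.57:C:\Documents and Settings\J. McKown\Application Data\Mozilla\Firefox\Profiles\w70acos5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\ntdetect.hta -> Dropper.Inor.cj : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000059.dll -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0007629.exe -> Backdoor.Small.dc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0007814.exe -> Adware.SpySheriff : Cleaned with backup
C:\WINDOWS\SYSTEM32\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\SYSTEM32\winctrl32.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup

::Report End
"""

# One finding per line: [":mozilla.N:"]<path> -> <detection> : <action>
LINE_RE = re.compile(
    r"^\s*(?::mozilla\.(?P<entry>\d+):)?"   # optional Firefox cookie entry index
    r"(?P<path>.+?) -> "
    r"(?P<detection>\S+) : "
    r"(?P<action>.+?)\s*$"
)

# XP System Restore stores snapshots under _restore{GUID}\RPn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.IGNORECASE
)


def parse(log_text):
    """Return one dict per finding; headers, blanks and '::Report End' are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path, detection = m["path"], m["detection"]
        rp = RESTORE_RE.search(path)
        if detection.startswith("Spyware.Cookie."):
            bucket = "cookie"            # tracking cookie, no executable code
        elif rp:
            bucket = "restore_point"     # copy kept inside a restore snapshot
        else:
            bucket = "live"              # file on the running system
        findings.append({
            "path": path,
            "detection": detection,
            "action": m["action"],
            "bucket": bucket,
            "restore_point": rp.group(1) if rp else None,
        })
    return findings


def triage(findings):
    """Summarise findings: counts per bucket, detections per restore point, live files."""
    counts = Counter(f["bucket"] for f in findings)
    per_rp = defaultdict(set)
    for f in findings:
        if f["bucket"] == "restore_point":
            per_rp[f["restore_point"]].add(f["detection"])
    live = sorted((f["path"], f["detection"]) for f in findings if f["bucket"] == "live")
    return {
        "counts": dict(counts),
        "restore_points": {rp: sorted(names) for rp, names in per_rp.items()},
        "live": live,
    }


if __name__ == "__main__":
    report = triage(parse(SAMPLE_LOG))
    print("Counts:", report["counts"])
    for rp, names in sorted(report["restore_points"].items()):
        print(f"{rp}: {', '.join(names)}")
    for path, name in report["live"]:
        print(f"live: {name}  {path}")
```

Any restore point listed in the output still holds a snapshot copy of a detected file, which is the case the restore-point flush in the post above is meant to clear.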
  • edited January 2006
    I want to thank you for your help, my system appears to be clean but I am having issues with a program I use every day. When starting the program it sucks up all the CPU resources, then not responding, then when it does load again, goes into not responding for minutes again. I have tried everything, even talked to tech support for that program; they had me delete some files and repatch, to no avail, and they even had me update my chipset for the motherboard. I guess I am at the point I have to format the HD after all. I really hate having to do this after so much effort and time was put into cleaning it out. I do not know how to do this. I have Windows XP Home Edition and am aware there is a partition set aside to hold all the OS and drivers and such, but I don't know the commands to format and put this information back to the HD I am able to use. If anyone knows and/or has the instructions I can follow I would surely appreciate this information. I do have all the CDs from the manufacturer if that is helpful.

    Thank you again for any help you can give,
    Judy :respect:
  • Crunchie Mandurah. Western Australia. Member
    edited January 2006
    Have you tried completely uninstalling the problem program, then re-installing it? Worth a shot I would say :).
  • edited January 2006
    Yes, I have uninstalled and reinstalled the program, I still have the problem. Something on my computer is now sucking up CPU resources when I use that program. Tech support and I just cannot figure out what is going on. At this point I need to just wipe out the system and reinstall but I don't know how to do that. I have been reading up on formatting but I have not found any commands I am to use. My manual just says to use the CD, not quite clear instructions and a bit scary. I thought maybe there was a problem in the registry keys for that program, but there are no registry keys for the program (boggled at that one), at least that is what I was told by the tech support for the program. I am aware that formatting a computer is the last thing anyone should do, but I am stuck at this point. Those nasty boogers did something to the system that cannot be repaired. Should I try just installing Windows again, without formatting? Would that work maybe? I have already backed up all files and .exe's I have on the computer.

    Thank you very much for your time on my behalf,

    Judy
  • Crunchie Mandurah. Western Australia. Member
    edited January 2006
    Yes, try inserting your XP CD and do a repair of the system.