I think it may be dead

I've been having some big problems with my computer. For starters, I keep getting a message telling me that IE has caused errors and will close, and to clear the cache, cookie, and history files and restart IE, and if that doesn't work, reinstall IE. I did that and it didn't work, so I tried to reinstall IE; my computer won't let me, it errors out. When I look at my Task Manager it has something called drwatson on there like 5 times. My IE, Maxthon, and Netscape no longer work at all. After much trial and failure I found out that Firefox would. My Yahoo Messenger allows me to sign in but errors out as soon as I'm signed in. If anyone could offer any help it would be greatly appreciated, and if you could help in layman's terms that would be nice; I'm computer illiterate.

Comments

  • profdlp, The Holy City Of Westlake, Ohio
    edited February 2006
    The fact that Firefox works but IE doesn't leads me to believe that you may have a spyware infection. Post a HijackThis log here. If I spot anything which looks fishy I'll refer you to our resident experts in the Spyware/Virus/Trojan Discussion Forum. :)
  • edited February 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 3:01:08 AM, on 2/18/2006
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\System32\wwSecure.exe
    C:\WINNT\explorer.exe
    C:\WINNT\inet20003\winlogon.exe
    C:\WINNT\System32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\ld.exe
    C:\ld.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\inet20003\mm4.exe
    C:\PROGRA~1\WINZIP\wzqkpick.exe
    C:\WINNT\explorer.exe
    C:\unzipped\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    F3 - REG:win.ini: run=C:\WINNT\inet20003\winlogon.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd7.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20003\winlogon.exe
    O4 - HKLM\..\Run: [0g640iv8.dll] RUNDLL32.EXE 0g640iv8.dll,b 13606144
    O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20003\winlogon.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Monica Renee Beasley\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O20 - AppInit_DLLs: C:\WINNT\System32\win_76.dll
    O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
    O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\System32\gjcfmbdm.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINNT\System32\mspmspsv.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe
  • profdlp, The Holy City Of Westlake, Ohio
    edited February 2006
    There may be more, but I stopped looking after I spotted this one:
    ...F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"...
    The bad news is that your computer is infected by a Trojan.

    The good news is that you came to the right place to have it removed. I'm sending this thread off to the experts. They are busy, as I'm sure you can imagine, but someone will be along soon to help you get things straightened out. :)
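The check profdlp describes above (a `Shell=` value that launches something besides `explorer.exe`) can be automated when triaging a HijackThis log. The following is an added example, not part of the original posts and not HijackThis code; it extends that one check to a few other autostart entries visible in the posted log. The function names, rule labels and the `SYSTEM_NAMES` list are assumptions made for illustration, and the sample lines are an excerpt copied from the log above.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\explorer.exe
C:\WINNT\inet20003\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINNT\inet20003\winlogon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20003\winlogon.exe
O20 - AppInit_DLLs: C:\WINNT\System32\win_76.dll
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
"""

# Assumption: core Windows process names that normally live in <windir>\system32.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "lsass.exe", "smss.exe",
                "svchost.exe", "spoolsv.exe", "csrss.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "F2 - ...", "O20 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)  # first drive-rooted binary path


def is_masquerade(path, windir):
    """True if a core system process name is used outside <windir>\\system32."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in SYSTEM_NAMES and folder != ntpath.join(windir, "system32").lower()


def triage(log_text, windir=r"C:\WINNT"):
    """Return (rule, line) pairs for log lines that deserve a closer look.

    These are review heuristics, not verdicts: a flagged line still needs a
    scanner result or manual analysis before anything is removed.
    """
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if not line:
            in_processes = False
            continue

        entry = ENTRY_RE.match(line)
        if entry is None:
            # Plain path lines only matter inside the process list.
            if in_processes and is_masquerade(line, windir):
                findings.append(("masquerade-process", line))
            continue

        code, body = entry.groups()
        if code == "F2":
            shell = re.search(r"Shell=(.*)$", body, re.I)
            # The default shell value is exactly "explorer.exe"; anything
            # appended to it is started at every logon.
            if shell and shell.group(1).strip().lower() != "explorer.exe":
                findings.append(("shell-extra-program", line))
        elif code == "F3":
            run = re.search(r"\b(?:run|load)=(.+)$", body, re.I)
            if run and run.group(1).strip():
                findings.append(("win.ini-run", line))
        elif code == "O4":
            path = PATH_RE.search(body)
            if path and is_masquerade(path.group(0), windir):
                findings.append(("masquerade-autorun", line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            if body.split(":", 1)[1].strip():
                findings.append(("appinit-dll", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:22} {line}")
```
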
  • Trogan, London, UK
    edited February 2006
    Hi,

    Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

    Download smitRem.exe and save the file to your desktop.
    Right click on the file and extract it to its own folder on the desktop.

    Please download the trial version of Ewido Security Suite here:
    http://www.ewido.net/en/download/
    • Install Ewido
    • During the installation, you will see "Additional Options." When you do, uncheck "Install background guard" and "Install scan via context menu".
    • Once installed, open ewido
    • It will prompt you to update, click the OK button and it will go to the main screen
    • On the left side of the main screen click update
    • Click Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.


    Next, please reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.
    Further instructions can be found here


    Once in Safe Mode, open the smitRem folder, then double click the RunThis.bat file to start the tool. When the tool starts you will see a series of screens with information on them. Read each screen, and when you are finished reading it, simply press any key on your keyboard. After reading the various screens that appear, the program will start the removal process.

    If there is an uninstaller present for the infection you are removing, smitRem will start this uninstaller. Simply click on the Uninstall button and allow the uninstaller to finish. When it has completed uninstalling, press the Finish button and smitRem will prompt you to continue. Now you should press any key to continue.

    Wait for the tool to complete and disk cleanup to finish.
    When the tool is finished, it will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


    Run Ewido:
    (Do not use the computer while Ewido is scanning)
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido


    Reboot back into Normal Mode and post a new HijackThis Log, along with the contents of smitfiles.txt and the Ewido Log.
  • edited February 2006
    Here are the files you requested.
    smitRem.exe

    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows 2000 [Version 5.00.2195]
    The current date is: Sat 02/18/2006
    The current time is: 14:53:58.86

    Running from
    C:\Documents and Settings\Monica Renee Beasley\Desktop\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 480 'explorer.exe'
    Killing PID 480 'explorer.exe'
    Error 0x5 : Access is denied.


    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~


    ~~~ Wininet.dll ~~~

    wininet.dll is missing!!

    Hijack This
    Logfile of HijackThis v1.99.1
    Scan saved at 3:02:05 PM, on 2/18/2006
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\System32\wwSecure.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINNT\explorer.exe
    C:\WINNT\explorer.exe
    C:\WINNT\System32\drwtsn32.exe
    C:\unzipped\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    F3 - REG:win.ini: run=C:\WINNT\inet20003\winlogon.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [0g640iv8.dll] RUNDLL32.EXE 0g640iv8.dll,b 13606144
    O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Monica Renee Beasley\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O20 - AppInit_DLLs: C:\WINNT\System32\win_76.dll
    O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
    O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\System32\gjcfmbdm.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINNT\System32\mspmspsv.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe

    And Ewido

    ewido anti-malware - Scan report

    + Created on: 2:53:23 PM, 2/18/2006
    + Report-Checksum: 94B57354

    + Scan result:

    :mozilla.6:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Advertising : Ignored
    HKU\S-1-5-21-1844237615-1078145449-842925246-1000\Software\Microsoft\Internet Explorer\Keywords -> Adware.CoolWebSearch : Cleaned with backup
    [128] C:\WINNT\System32\win_76.dll -> Downloader.Agent.aef : Cleaned with backup
    [204] C:\WINNT\System32\win_76.dll -> Downloader.Agent.aef : Error during cleaning
    [216] C:\WINNT\System32\win_76.dll -> Downloader.Agent.aef : Error during cleaning
    [480] C:\WINNT\System32\win_76.dll -> Downloader.Agent.aef : Error during cleaning
    C:\WINDOWS\winsysupd7.exe -> Downloader.VB.wg : Cleaned with backup
    C:\d.exe -> Downloader.Agent.xz : Cleaned with backup
    C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
    C:\d.exe.bak -> Downloader.Agent.xz : Cleaned with backup
    C:\drsmartload1.exe -> Downloader.VB.wj : Cleaned with backup
    C:\ld.exe -> Downloader.Small.cke : Cleaned with backup
    C:\WINNT\system32\drivers\sysbus32.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.al : Cleaned with backup
    C:\WINNT\system32\tmp_5xf.exe -> Downloader.Agent.aef : Cleaned with backup
    C:\WINNT\system32\win_76.dll -> Downloader.Agent.aef : Cleaned with backup
    C:\WINNT\system32\0g640iv8.dll -> Adware.Sud : Cleaned with backup
    C:\WINNT\system32\PreInstaller_p1.exe -> Downloader.Keenval.o : Cleaned with backup
    C:\WINNT\system32\HyperLinker3.exe -> Adware.MDH : Cleaned with backup
    C:\WINNT\system32\whCC-CLICK.exe/whAgent.exe -> Adware.WebHancer : Error during cleaning
    C:\WINNT\t1j5zzxv.exe -> Downloader.Small.cjg : Cleaned with backup
    C:\WINNT\loadnew.exe -> Downloader.Small.cjg : Cleaned with backup
    C:\WINNT\toolbar.exe -> Downloader.VB.vz : Cleaned with backup
    C:\WINNT\tool5.exe -> Downloader.Agent.aef : Cleaned with backup
    C:\WINNT\inet20003\winlogon.exe -> Downloader.CWS.s : Cleaned with backup
    C:\WINNT\inet20003\services.exe -> Downloader.CWS.s : Cleaned with backup
    C:\WINNT\inet20003\3.01.00.dll -> Adware.Ihbo : Cleaned with backup
    C:\WINNT\inet20003\alg.exe -> Worm.Delf.i : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound\Autorun -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound\Autorun\StartMenuAllUsers -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound\Autorun\StartMenuCurrentUser -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound\Autorun\HKCURun -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound\Autorun\HKCURun\RunOnce -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound\Autorun\HKCURun\RunOnceEx -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound\Autorun\HKLMRun -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound\Autorun\HKLMRun\RunOnce -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound\Autorun\HKLMRun\RunOnceEx -> Adware.WinHound : Cleaned with backup
    C:\Documents and Settings\Monica Renee Beasley\Application Data\WinHound.com\WinHound\BrowserObjects -> Adware.WinHound : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.118:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.119:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.122:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.128:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.135:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.143:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.144:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.146:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.148:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.149:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.151:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.154:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.155:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.158:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.159:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.163:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.165:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.167:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.174:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.187:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.192:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.193:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.194:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.195:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.196:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.197:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.198:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.199:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.200:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.229:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.231:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.241:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.242:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.243:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.244:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.245:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.247:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.248:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.249:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.250:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.251:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.253:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.265:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.266:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.277:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.278:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.290:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.291:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.292:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.293:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.296:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.297:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.298:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.300:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.301:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.317:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.318:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.325:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.326:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.327:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.328:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.336:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
    :mozilla.362:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
    :mozilla.371:C:\Documents and Settings\Monica Renee Beasley\Application Data\Mozilla\Firefox\Profiles\ehj63yp7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\ld.exe.bak -> Downloader.Small.cke : Cleaned with backup


    ::Report End
  • edited February 2006
    p.s. it's performing much better already, it's so much faster than it has been in a long time! thank you!
  • Trogan London, UK
    edited February 2006
    Excellent! Just a little bit left to do :)

    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

    F3 - REG:win.ini: run=C:\WINNT\inet20003\winlogon.exe

    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

    O4 - HKLM\..\Run: [0g640iv8.dll] RUNDLL32.EXE 0g640iv8.dll,b 13606144

    O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
    O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)


    - Close ALL open windows
    Click Fix Checked
    =====

    View hidden files and folders – explained here

    =====


    Find and Delete the following, if found:

    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe << this file
    C:\WINNT\inet20003 << this folder


    We need to do a search. Click Start > Search > All Files and Folders.
    Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
    Paste this into the Search for files and folders named box:

    htproc32.dll

    If any of these files are found please delete them.

    Do the same for this file: ssldr32.dll
    =====


    Reboot and post a new HJT log please :)

    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINNT\System32\win_76.dll
    • Click on the submit button
    • Please post the results in your next reply.

    Can you do the same for this file: C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
  • edited February 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 7:01:49 PM, on 2/18/2006
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\System32\wwSecure.exe
    C:\WINNT\explorer.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\unzipped\hijackthis_199\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Monica Renee Beasley\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O20 - AppInit_DLLs: C:\WINNT\System32\win_76.dll
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\System32\gjcfmbdm.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINNT\System32\mspmspsv.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe
  • edited February 2006
    I went to the website and tried to do Jotti's malware scan, however, when i tried to submit the files to be scanned it told me that the files could not be uploaded and scanned because of either a firewall (I don't know if I even have one) or possibly Malware.
  • Trogan London, UK
    edited February 2006
    Did you enter the whole path for both files?

    Could you try scanning them with Kaspersky File Scanner and post the results.
  • edited February 2006
    Kaspersky File Scanner i used it and nothing came up at all, does that mean it worked or did i do something wrong??
  • Trogan London, UK
    edited February 2006
    Sorry about this. I need to make sure that the files are 100% bad before we remove them.

    Could you upload them both here and post the results if possible :)
  • edited February 2006
    i'm sorry, it says they are both over 10 meg so they can't be uploaded
  • edited February 2006
    i'm not sure i'm entering the right thing, are C:\WINNT\System32\win_76.dll
    and C:\ProgramFiles\E-nrgyPlus\E-nrgyPlus.exe correct?
  • Trogan London, UK
    edited February 2006
    That's correct! Enter them one at a time.

    I think we should remove them because from what I gather, they are not legit.

    Could you post a new HJT log please :)
  • edited February 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 7:45:07 PM, on 2/18/2006
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\System32\wwSecure.exe
    C:\WINNT\explorer.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\unzipped\hijackthis_199\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Monica Renee Beasley\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O20 - AppInit_DLLs: C:\WINNT\System32\win_76.dll
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\System32\gjcfmbdm.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINNT\System32\mspmspsv.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe
  • Trogan London, UK
    edited February 2006
    Remove the following from Add/Remove Programs in Control Panel

    E-nrgyPlus
    =====


    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe

    O20 - AppInit_DLLs: C:\WINNT\System32\win_76.dll


    - Close ALL open windows
    Click Fix Checked
    =====


    Find and Delete the following, if found:

    C:\WINNT\System32\win_76.dll << this file
    C:\Program Files\E-nrgyPlus << this folder
    =====


    Reboot and post a new HJT log :)

    How are things now?
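The "fix checked, reboot, post a new log" loop above is verified by eye in this thread; the same check can be scripted. The sketch below is an added example and not part of any post: it parses HijackThis entry lines, confirms that the entries marked for fixing are gone from the follow-up log, and lists entries that still point at missing files. The log excerpts are copied from the 7:45:07 PM and 8:08:55 PM logs on this page; all function names are hypothetical.

```python
import re

# A HijackThis entry line is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# Suffixes HijackThis appends when a registered file no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpt of the log posted before the fix (7:45:07 PM log on this page).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\explorer.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - AppInit_DLLs: C:\WINNT\System32\win_76.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\System32\gjcfmbdm.dll (file missing)
"""

# The entries the helper asked to be checked and fixed.
FIX_LIST = r"""
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
O20 - AppInit_DLLs: C:\WINNT\System32\win_76.dll
"""

# Excerpt of the log posted after the fix and reboot (8:08:55 PM log on this page).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\explorer.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\System32\gjcfmbdm.dll (file missing)
"""


def parse_entries(text):
    """Return [(code, detail), ...] for every entry line in a pasted log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(entry):
    """Comparison key: Windows paths are case-insensitive and forum
    copy/paste can change spacing, so normalise both."""
    code, detail = entry
    return code, " ".join(detail.lower().split())


def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs."""
    before_entries = parse_entries(before)
    after_entries = parse_entries(after)
    before_keys = {_key(e) for e in before_entries}
    after_keys = {_key(e) for e in after_entries}
    removed = [e for e in before_entries if _key(e) not in after_keys]
    added = [e for e in after_entries if _key(e) not in before_keys]
    return removed, added


def unfixed(fix_list, after):
    """Entries that were marked for fixing but still appear in the new log,
    which usually means something re-registered them after the reboot."""
    after_keys = {_key(e) for e in parse_entries(after)}
    return [e for e in parse_entries(fix_list) if _key(e) in after_keys]


def orphaned(text):
    """Entries whose target file is gone: leftover registry references."""
    return [e for e in parse_entries(text)
            if e[1].lower().endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for code, detail in removed:
        print("removed:", code, detail)
    for code, detail in added:
        print("NEW    :", code, detail)
    for code, detail in unfixed(FIX_LIST, AFTER_LOG):
        print("STILL PRESENT:", code, detail)
    for code, detail in orphaned(AFTER_LOG):
        print("orphaned:", code, detail)
```

An entry that shows up as "STILL PRESENT" or "NEW" after a reboot is the case that matters: it suggests a component that restores its own autostart entry is still active.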
  • edited February 2006
    it's not listed in my add/remove programs window, shall i proceed with the other instruction?
  • Trogan London, UK
    edited February 2006
    Yes please :)
  • edited February 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 8:08:55 PM, on 2/18/2006
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\System32\wwSecure.exe
    C:\WINNT\explorer.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\unzipped\hijackthis_199\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Monica Renee Beasley\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\System32\gjcfmbdm.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINNT\System32\mspmspsv.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\System32\wwSecure.exe
  • Trogan London, UK
    edited February 2006
    Remove this entry with HJT:

    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\System32\gjcfmbdm.dll (file missing)

    Find and delete the following, if found:

    C:\WINNT\System32\gjcfmbdm.dll << this file


    Do you have a Firewall on your computer? If not, I can recommend you some free ones. It is important to have a Firewall on your computer.

    Please visit Windows Update. Make sure you download the latest version of Internet Explorer, along with any important updates.


    Reboot and let me know how things go :)
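
An added example, not part of the thread and not HijackThis's own code: a small Python parser for the entry lines of the log above that lists the entries HijackThis marks "(file missing)", such as the O21 line Trogan asks to remove. The sample lines are copied from the log (user name replaced with the placeholder `USER`); the section descriptions and the autoload grouping are this example's own summary.

```python
import re

# Section codes seen in the log above; descriptions are this example's own summary.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Run key / Startup folder",
    "O9": "IE extra button or Tools menu item",
    "O21": "ShellServiceObjectDelayLoad",
    "O23": "Windows service",
}
# Sections whose target loads without user action (logon, boot or browser start).
AUTOLOAD = {"O2", "O4", "O21", "O23"}
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

def parse_entry(line):
    """Parse one HijackThis entry line; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    return {
        "code": code,
        "section": SECTIONS.get(code, "other"),
        "target": body.rsplit(" - ", 1)[-1],  # last " - " field, or the whole body
        "missing": missing,
        "autoload": code in AUTOLOAD,
    }

def orphaned(log_text):
    """Entries whose registry reference survives but whose file is gone."""
    entries = filter(None, map(parse_entry, log_text.splitlines()))
    return [e for e in entries if e["missing"]]

# Lines taken from the log above, with the user name replaced by USER.
SAMPLE = r"""
C:\WINNT\explorer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\USER\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\System32\gjcfmbdm.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

if __name__ == "__main__":
    for e in orphaned(SAMPLE):
        kind = "autoload" if e["autoload"] else "UI only"
        print(f'{e["code"]} ({e["section"]}, {kind}): {e["target"]}')
```
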
  • edited February 2006
    i'm attempting to dl IE, i haven't been able to since this thing went haywire, so hopefully it will work, so far i've had no error pop up, with the exception of my yahoo messenger, it still errors out and closes... and in response to the firewall question, no i have none. but i would like to thank you so much for taking the time to help me, i appreciate it so much!
  • edited February 2006
    It's not working. I keep getting an error popup telling me that 1e6wzd.exe has generated errors and will need to be restarted. i've restarted it 3 times.
  • Trogan London, UK
    edited February 2006
    You're welcome :)

    Uninstall Yahoo Messenger and download it again. Check if it works now.


    After you have downloaded IE, reboot the computer. Then, download ONE of these Free Software Firewalls.

    Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
    Sygate: http://filehippo.com/download_sygate_personal_firewall/
    Sunbelt Kerio PF: http://www.sunbelt-software.com/Kerio-Download.cfm

    You can test them out to see which you like the best, but make sure you do it one by one.


    Let me know when you have done all that, so I can provide you a list on how to stay secure :)
  • edited February 2006
    removed and reinstalled ym, still not working, and the ie download still errors out. shall i proceed with the firewall install?
  • Trogan London, UK
    edited February 2006
    > It's not working. I keep getting an error popup telling me that 1e6wzd.exe has generated errors and will need to be restarted. i've restarted it 3 times.

    I can't find a solution for that error :(

    Try downloading Internet Explorer 6 Service Pack 1 from here.

    The file is 77.5MB.


    Good Luck :)
  • edited February 2006
    the internet explorer dl worked, finally!
  • Trogan London, UK
    edited February 2006
    Excellent :thumbsup:

    Get yourself a Firewall and post one final HJT log please.

    How is the computer?
  • edited February 2006
    computer is fast and problem free, aside from yahoo messenger, but hey, i like aim better anyway!
  • profdlp The Holy City Of Westlake, Ohio
    edited February 2006
    Congratulations, Monica - nice work, Trogan_1000! :cheers:
This discussion has been closed.