Hijack Log Please Review (Spyware Problems)
My computer takes about seven minutes to start up... and I'm running Windows XP.
Any program also takes a while to initialize. Any help in reviewing my file is greatly appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 11:26:50 PM, on 2/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\jgsxcl35.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\documents and settings\meaghan aman\local settings\temp\eALKVn.exe
C:\WINDOWS\System32\CEWMDM29.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ASYCFILT.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\PROGRA~1\REGIST~1\regclean.exe
C:\PROGRA~1\COMMON~1\AOL\110930~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\SOFTWA~1\soproc.exe
C:\PROGRA~1\COMMON~1\AOL\110930~1\EE\AOLServiceHost.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\JrarB2.exe
C:\WINDOWS\System32\JrarB2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\brennan101\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sandboxer.com/redirect.aspx?ID=10&MID=5JSAG5S2SGESDE2P8AZWC5N69BKM3GBET69459ZYGG
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbHostIE.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbHostIE.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [2ssk3nR] jgsxcl35.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ymovpgmh] C:\WINDOWS\System32\gtnhrubq.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109307531\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [eALKVn] C:\documents and settings\meaghan aman\local settings\temp\eALKVn.exe
O4 - HKLM\..\Run: [e60748dc3ef8] C:\WINDOWS\System32\CEWMDM29.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [9e6a77b3c291] C:\WINDOWS\System32\ASYCFILT.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Evem14V7.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [SOProc_SoRefRegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14EFB990-8013-4734-9400-B50D5167230C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{14EFB990-8013-4734-9400-B50D5167230C}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
This discussion has been closed.
Comments
Run the Peper fix tool. After you run the Peper fix please reboot and post another Hijack This log and we'll take care of the rest. This may take several posts. This log is very messy.
I don't think I am in the clear though... Thanks Again!
Logfile of HijackThis v1.99.1
Scan saved at 5:11:25 AM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\PROGRA~1\COMMON~1\AOL\110930~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110930~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\brennan101\Desktop\hijackthis\HijackThis.exe
C:\Documents and Settings\brennan101\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sandboxer.com/redirect.aspx?ID=10&MID=5JSAG5S2SGESDE2P8AZWC5N69BKM3GBET69459ZYGG
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbHostIE.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbHostIE.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109307531\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wryv.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wryv.exe
If you didn't go ahead and run it. I'll edit my reply to you for the rest of the cleanup. I'll get it posted later on in the day.
Click Start--->Control Panel--->Add/Remove programs. A window will appear with a list of installed programs. Find the programs below (please note that some of these might not exist, don't worry about that):
MyWebSearch
MySearch
Shopper reports
One at a time uninstall these programs if and when found. Note that these may or may not exist. Don't be alarmed if they don't.
Next run Hijack This again and place a check (tick) next to the following entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers...meLeftPane.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sandboxer.com/redirect.as...3GBET69459ZYGG
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Wryv.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab
Now close all other browsers/windows and click Fix Checked. Close Hijack This.
Please reboot the PC into safe mode now. You can do this by rebooting and then repeatedly tapping the F8 key until the advanced boot options menu appears. Select the top choice which is safe mode then press enter.
Please make sure you can view all hidden files and folders, explained below:
We need to manually look for and delete some files and folders. Please note that some of these may not exist and don't be alarmed if you can't find them. Open Windows Explorer. Please navigate to the folder C:\Program Files. Find and delete the folders listed below:
MySearch
cxtpls
MyWebSearch
Newdotnet
AutoUpdate
Shopper reports
Next go to C:\Program Files\common files. Find and delete the following folder:
wintools
Next navigate to C:\Documents and Settings\Meaghan Aman\Local Settings\temp. Find and delete the file listed below:
eALKVn.exe
Next go to this folder C:\Windows. Find and delete the following file:
zeta.exe
Now go to this folder C:\Windows\System32. Find and delete the following files:
angelex.exe
CEWMDM29.exe
ASYFILT.exe
jrarb2.exe
ms.exe
Wryv.exe
jgsxc135.exe
gtnhrubq.exe
Please use the Windows search feature to find this file: soproc.exe. Delete every instance of the file that is found.
Reboot your PC into normal mode. Run Hijack This again and post another log.
First: The Newest Hijack This Log
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\brennan101\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14EFB990-8013-4734-9400-B50D5167230C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{14EFB990-8013-4734-9400-B50D5167230C}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Secondly: Ewido Malware report, run before I followed your newest instructions
ewido anti-malware - Scan report
+ Created on: 5:02:16 AM, 2/20/2006
+ Report-Checksum: 7EFB592C
+ Scan result:
HKLM\SOFTWARE\180ax -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Apropos -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\Apropos\Client -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\AutoLoader -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\2F321bMTNYad -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\2F3K1bMTNYad -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\HbSrv.EXE -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Adware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Adware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Adware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject.1 -> Adware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Envolo -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\State -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\Tasks -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\IEMenuExtension -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\IEMenuExtension\toolbar -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\IEMenuExtension\toolbar\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\MaxSpeed -> Adware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\180ax -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AproposClient -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate -> Adware.Apropos : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MirrorUnder -> Adware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEP -> Adware.SEP : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpiderSidebar -> Adware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UrlSidebar -> Adware.ClearSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Adware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Adware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Adware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Adware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Security -> Adware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Enum -> Adware.NaviSearch : Cleaned with backup
C:\!PeperFix\Evem14V7.exe -> Downloader.VB.em : Cleaned with backup
C:\!PeperFix\JrarB2.exe -> Downloader.VB.em : Cleaned with backup
C:\!PeperFix\KrxH5g.exe -> Downloader.VB.em : Cleaned with backup
C:\!PeperFix\Nmashag.exe -> Downloader.VB.em : Cleaned with backup
C:\!PeperFix\Wryv.exe -> Downloader.VB.em : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\report\ag.xml -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\report\ag.xml.db -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\report\send.xml -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\report\send.xml.db -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\res2 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\cs\res2\WhiteList.dbs -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@c5.zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@www.shopathomeselect[1].txt -> TrackingCookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\brennan101\Cookies\brennan101@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Meaghan Aman\Local Settings\Temp\eALKVn.exe -> Downloader.Small.tf : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Peggy Aman\Cookies\peggy aman@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup
C:\Program Files\AutoUpdate\AutoUpdate.exe -> Adware.Apropos : Cleaned with backup
C:\Program Files\AutoUpdate\libexpat.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Common Files\CMEII\apps\DashBar\dashbar2100.zip/InstallDashBar.exe -> Adware.DashBar : Cleaned with backup
C:\Program Files\Common Files\CMEII\apps\DashBar\InstallDashBar.exe -> Adware.DashBar : Cleaned with backup
C:\Program Files\Common Files\GMT\DashBar.dll -> Adware.DashBar : Cleaned with backup
C:\Program Files\Common Files\GMT\GatorRes.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\gtrawbm.fil -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\qdradncm\bbsearuo\cpuformp.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\qdradncm\qanerlrsad\pnudoqsru.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\CxtPls -> Adware.Apropos : Cleaned with backup
C:\Program Files\CxtPls\AI_15-02-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\CxtPls\AI_17-02-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\CxtPls\AI_19-02-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\CxtPls\AI_20-02-2006.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\CxtPls\data.bin -> Adware.Apropos : Cleaned with backup
C:\Program Files\CxtPls\uninstaller.exe -> Adware.Apropos : Cleaned with backup
C:\Program Files\SEP -> Adware.SideFind : Cleaned with backup
C:\Program Files\SEP\Uninst.exe -> Adware.SideFind : Cleaned with backup
C:\Program Files\ShopperReports -> Adware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\Bin -> Adware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\Bin\1.0.4.0 -> Adware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\cs -> Adware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\uninst.exe -> Adware.HotBar : Cleaned with backup
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\Contact.dll -> Adware.HotBar : Cleaned with backup
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbGuard.exe -> Adware.HotBar : Cleaned with backup
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbHostOE.dll -> Adware.HotBar : Cleaned with backup
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbWallpaper.dll -> Adware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000111.exe -> Downloader.VB.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000112.exe -> Downloader.VB.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000113.exe -> Downloader.VB.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000114.exe -> Downloader.VB.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000115.exe -> Downloader.VB.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000142.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000143.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000145.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000180.dll -> Adware.Apropos : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000184.dll -> Adware.Apropos : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000186.dll -> Adware.Shopper : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000187.exe -> Adware.Apropos : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Cleaned with backup
C:\WINDOWS\EDow_AS2.exe -> Downloader.QDown.m : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\SYSTEM32\ASYCFILT.exe -> Adware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\AVIFIL32.exe -> Adware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\AVWAV827.exe -> Adware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\CDFVIEW2.exe -> Downloader.Agent.adz : Cleaned with backup
C:\WINDOWS\SYSTEM32\CEWMDM29.exe -> Adware.IEDriver : Cleaned with backup
C:\WINDOWS\SYSTEM32\gtnhrubq.exe -> Adware.HotBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\jgsxcl35.exe -> Downloader.Apropo.t : Cleaned with backup
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/WINDOWS/System32/msbe.dll -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/bargains.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\ms.exe -> Downloader.VB.cw : Cleaned with backup
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/exul.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysatcha.exe -> Downloader.Agent.hc : Cleaned with backup
C:\WINDOWS\SYSTEM32\vfpgwrbk.exe -> Downloader.Apropo.t : Cleaned with backup
On a final note, I followed your instructions, but under the system32 folder I did not find any ".exe" instances, only a couple of ".dll" files that matched.
Thanks again for your awesome response time and sheer brilliance.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
I'll be looking for your new log.
Here is the newest Hijack this log, it reflects the changes you instructed me to do last time :usflag:
Logfile of HijackThis v1.99.1
Scan saved at 9:22:19 PM, on 2/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\brennan101\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14EFB990-8013-4734-9400-B50D5167230C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{14EFB990-8013-4734-9400-B50D5167230C}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe