add or remove programs help!!

Hey guys, I just installed Adobe Reader 7 a few days ago, and now when I click anything on my desktop a box pops up really fast; I can't read it. And when I tried to click my Add and Remove Programs to uninstall it, only Microsoft .NET Framework 1.1 and Windows Media Connect show up? Oh, and I get a popup saying "preparing to install" when I click on anything on my comp.

I'm running XP Home SP2.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\kevdog\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c11.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\components\A9.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317b970e9cb3d05/netzip/RdxIE601.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Comments

  • skywalker45 Bloomington, IN. USA
    edited March 2006
    You are currently running Hijack This from here:

    C:\DOCUME~1\kevdog\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

    This is a temp folder. Could you please make a new folder here:

    C:\HJT

    Move Hijack This to that folder or alternatively drag the file HijackThis.exe to your desktop. We need to get it out of the temp directory before we begin a fix. Post another log after you do this.
  • edited March 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 12:17:44 PM, on 3/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c11.cab
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\components\A9.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317b970e9cb3d05/netzip/RdxIE601.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Sorry about that, I fixed it.
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    Can you open Windows Explorer without getting the "preparing to install message"? I guess what I'm asking is can you open it at all? We need to uninstall the internet access hijacker new.net before we continue with the fix. Let me know if you can open Windows Explorer. If not there is a tool we can use to get rid of new.net.
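
An added example, not part of the thread or of HijackThis itself: a small Python triage of a HijackThis-style log that automates the two checks the helper makes in the replies above, whether the scanner is running from a Temp directory and whether the log contains O10 (Winsock/LSP hijack) entries. It goes slightly beyond the thread by also flagging two other patterns visible in the posted log (an O23 service with "Unknown owner" and an O4 startup link whose target is "?"); the sample lines are a constructed subset copied from that log, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\kevdog\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A log entry looks like "<section code> - <detail>", e.g. "O10 - Hijacked ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Any path component named Temp (covers the 8.3 form LOCALS~1\Temp as well).
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def parse_log(text):
    """Split a log into running-process paths and (section, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()  # forum posts are often indented
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (kind, detail) review flags; these are prompts for a human, not verdicts."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        # The helper's first check: a tool run from an archive's Temp
        # extraction folder should be moved to a permanent folder first.
        if TEMP_RE.search(path):
            findings.append(("temp-process", path))
    for section, detail in entries:
        if section == "O10":
            # The helper's second check: Winsock/LSP hijack entries.
            findings.append(("lsp-hijack", detail))
        elif section == "O23" and "Unknown owner" in detail:
            # No company name recorded for the service binary; verify by hand.
            findings.append(("service-unknown-owner", detail))
        elif section == "O4" and detail.endswith("= ?"):
            # Startup shortcut whose target could not be resolved.
            findings.append(("startup-missing-target", detail))
    return findings


def summarize(findings):
    """Collapse repeated findings (the log repeats its O10 line) into counts."""
    return Counter(findings)


if __name__ == "__main__":
    for (kind, detail), count in summarize(triage(SAMPLE_LOG)).items():
        print(f"{kind} x{count}: {detail}")
```
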
  • edited March 2006
    I can open Explorer.
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    Sorry it took me so long to get back with you. I got booted off right in the middle of my response to you. Anyway, normally we would go to add/remove programs and uninstall the program new.net but since it doesn't show up in your add/remove programs list we'll try it a different way. We need to get rid of this before we do anything else or it will just keep coming back. We could use LSPFix to fix it but that program can be kind of dangerous when not used properly. I believe that Ewido Anti-Malware can remove the program so that's the route we'll take. Please download Ewido Anti-Malware from my signature below. Install the program and then set it up and run it according to the following instructions:

    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start

      The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.

      Once the updates are installed do the following:
    • If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
    • Reboot into Safe Mode. You can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter. Then, run ewido.
    • Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
    • Click on scanner
    • Click on Settings
      • Under "How to scan" all boxes should be selected
      • Under "Possibly unwanted software" all boxes should be selected
      • Under "What to scan" select scan every file
      • Click OK
    • Click on Complete system scan
    • Let the program scan the machine
    • If ewido finds anything, it will pop up a notification. There will be an option that says Perform action with all infections. Please check that box.

      Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
    • Click Save report
    • Save the report to your desktop
    • Exit ewido

    Reboot the PC into normal mode and post the log from Ewido as well as a fresh Hijack This log.
  • edited March 2006
    ewido anti-malware - Scan report

    + Created on: 5:54:21 AM, 3/21/2006
    + Report-Checksum: 8247EE05

    + Scan result:

    HKLM\SOFTWARE\Gator.com -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\AppInfo -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\AppInfo\GMT -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\AutoUpdate -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\BannerManager -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\EventLog -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\EventLog\Msgs -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\BD -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\EL -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\GBL -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_bc2 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_bg2 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gbs -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gi -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gt -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_regserver -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_rs -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_search -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_ss -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_updateserver -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GUS -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\GUS\HOL -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\NS -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn\Settings -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\10647 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\11277 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\11278 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\11283 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\11287 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\11299 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\11300 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\11351 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\11364 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\11795 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\12062 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\28243 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\28249 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\28251 -> Adware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\28257 -> Adware.Gator : Cleaned with backup
    [472] C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Cleaned with backup
    C:\Documents and Settings\anybody\Cookies\anybody@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\anybody\Cookies\anybody@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\anybody\Cookies\anybody@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Program Files\Common Files\CMEII\GObjs.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\CMEII\GStore.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\CMEII\GStoreServer.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\fjbdedle\dlpppncc\aanltnlb.exe -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\fjbdedle\fphpbfhlll\rcnatnena.exe -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\GMT\EGGCEngine.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\GMT\egIEEngine.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\GMT\EGIEProcess.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\GMT\EGNSEngine.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\GMT\GatorRes.dll -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\GMT\GatorStubSetup.exe -> Adware.Gator : Cleaned with backup
    C:\Program Files\Common Files\GMT\GMT.exe -> Adware.Gator : Cleaned with backup
    C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
    C:\Program Files\NewDotNet\newdotnet6_38.dll -> Adware.NewDotNet : Cleaned with backup
    C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup
    C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\gdnUS2296.exe -> Downloader.Small.ayl : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\system32\hpD68B.tmp -> Downloader.Zlob.hc : Cleaned with backup
    C:\WINDOWS\system32\hpFC29.tmp -> Downloader.Zlob.hc : Cleaned with backup
    C:\WINDOWS\system32\ld5216.tmp -> Downloader.Zlob.hf : Cleaned with backup
    C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup
    C:\WINDOWS\system32\P2P Networking\Cache -> Adware.P2PNetworking : Cleaned with backup
    C:\WINDOWS\system32\P2P Networking\Cache\Database -> Adware.P2PNetworking : Cleaned with backup
    C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb -> Adware.P2PNetworking : Cleaned with backup
    C:\WINDOWS\system32\P2P Networking\P2P Networking.exe -> Adware.P2PNetworking : Cleaned with backup


    ::Report end

    I couldn't post the whole thing, it was too big, so I took off some of the HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\ ones so it would fit. HJT log coming up.
  • edited March 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 2:18:02 PM, on 3/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c11.cab
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\components\A9.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317b970e9cb3d05/netzip/RdxIE601.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Thanks for the help btw. :thumbsup:
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    OK. That is MUCH better. Now open Windows Explorer and navigate to the following folder:

    C:\Program Files\

    Find and delete the following folder if it exists:

    New.Net (might be called newdotnet)

    Next run Hijack This again and put a check (tick) next to the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - Default URLSearchHook is missing


    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)

    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...bridge-c11.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317...p/RdxIE601.cab


    Close all other browsers/windows and click Fix Checked. Close Hijack This, reboot the PC and post a new log.
  • edited March 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 7:39:50 PM, on 3/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\components\A9.ocx
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
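Added example, not part of the original thread: a Python sketch that checks a follow-up HijackThis log against the entries that were ticked for "Fix Checked" (allowing for the forum's "..." URL shortening) and lists entries that still reference files the ewido scan had already cleaned. The sample lines are excerpts constructed from the logs and scan report posted in this thread; the function names are illustrative.

```python
import re

# Constructed excerpt of the log posted before the fix (entries copied from this thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c11.cab
"""

# Constructed excerpt of the log posted after "Fix Checked" and a reboot.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
"""

# Entries as they appear in the fix instructions; the forum shortened long URLs with "...".
CHECKED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com",
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)",
    r"O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...bridge-c11.cab",
]

# Paths the ewido report in this thread lists as "Cleaned with backup".
CLEANED = [
    r"C:\Program Files\Common Files\GMT\GMT.exe",
    r"C:\Program Files\NewDotNet\newdotnet6_38.dll",
]

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - .*\S\s*$")


def parse_entries(log_text):
    """Return (code, line) for every entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            entries.append((m.group(1), raw.strip()))
    return entries


def matches(checked, actual):
    """Compare a quoted entry with a log line, tolerating one "..." elision in the quote."""
    if "..." not in checked:
        return checked == actual
    head, _, tail = checked.partition("...")
    return (len(actual) >= len(head) + len(tail)
            and actual.startswith(head)
            and actual.endswith(tail))


def still_present(checked_entries, log_entries):
    """Checked entries that can still be found in the given log."""
    lines = [line for _, line in log_entries]
    return [c for c in checked_entries if any(matches(c, line) for line in lines)]


def dangling_references(log_entries, cleaned_paths):
    """Entries that still point at a file a scanner already removed (case-insensitive)."""
    cleaned = [p.lower() for p in cleaned_paths]
    return [(code, line) for code, line in log_entries
            if any(p in line.lower() for p in cleaned)]


if __name__ == "__main__":
    after = parse_entries(AFTER)
    print("Checked entries still present:", still_present(CHECKED, after))
    for code, line in dangling_references(after, CLEANED):
        print("Dangling reference:", line)
```

On the excerpts above, all four ticked entries are gone from the follow-up log, while the O4 startup shortcut and the O10 LSP entry still reference files that the scanner removed.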
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    OK. Could you give me a report on your original problem? Are things better? There are just a couple more things in your log that trouble me, but we'll get to those after you let me know if your problem has resolved.
  • edited March 2006
    The problems are still there. Every time I click on IE or anything on my comp it says "preparing to install", and my Add or Remove Programs is only showing the .NET Framework, Media Connect, and now HJT and the other program you had me install show up. My download speeds are a little better though.
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    Could you please run a Panda Active Scan from my signature below. Allow the scan to delete whatever it finds. When it's finished it will generate a log. Please post that log along with a fresh Hijack This log.
  • edited March 2006
    How do I get it to delete stuff? I couldn't figure it out.
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    What are you trying to delete? I haven't given you any items to delete yet. Are you having other problems I don't know about? Please post the results of the Panda Scan.
  • edited March 2006
    You said "Allow the scan to delete whatever it finds", so I thought I had to click a delete button, but I guess not. Anyway, here's the report.

    Incident Status Location

    Adware:adware/gator Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\anybody\Cookies\anybody@ath.belnk[2].txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\anybody\Cookies\anybody@banner[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\anybody\Cookies\anybody@belnk[1].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\anybody\Cookies\anybody@ccbill[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\anybody\Cookies\anybody@dist.belnk[2].txt
    Spyware:Cookie/go Not disinfected C:\Documents and Settings\anybody\Cookies\anybody@go[2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\kevdog\Application Data\Mozilla\Firefox\Profiles\default.snv\cookies.txt[]
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Documents and Settings\kevdog\Application Data\VCOM\Fix-It\Quarantine\df_kmd.sys
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@2o7[2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@ad.yieldmanager[2].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@adopt.hbmediapro[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@adrevolver[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@adrevolver[3].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@ads.pointroll[2].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@adultfriendfinder[2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@advertising[2].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@as-us.falkag[1].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@as1.falkag[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@atdmt[2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@belnk[1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@casalemedia[2].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@ccbill[1].txt
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@cs.sexcounter[2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@dist.belnk[2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@doubleclick[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@fastclick[2].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@hitbox[2].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@i.screensavers[2].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@maxserving[2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@mediaplex[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@perf.overture[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@questionmarket[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@realmedia[1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@servedby.advertising[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@serving-sys[2].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@sextracker[1].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@stats1.reliablestats[2].txt
    Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@targetnet[2].txt
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@tradedoubler[1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@trafficmp[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@tribalfusion[1].txt
    Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@valueclick[1].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@www.myaffiliateprogram[1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\kevdog\Cookies\kevdog@zedo[2].txt
    Adware:adware/securityerror Not disinfected C:\Documents and Settings\kevdog\Favorites\Antivirus Test Online.url
    Adware:Adware/Gator Not disinfected C:\Program Files\Common Files\CMEII\Gtools.dll
    Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
    Adware:Adware/SpywareStrike Not disinfected C:\WINDOWS\system32\1024\ld1032.tmp
    Adware:Adware/SpywareStrike Not disinfected C:\WINDOWS\system32\1024\ldB46D.tmp
    Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking v125.cpl
    Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\PreUninstallQL.exe
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    Sorry about that Kevdog.
    :)
    The scans will "usually" delete or at least try to delete any malware. I'm doing some research on your log and haven't been able to get on much this weekend. I'll reply soon with the next steps. In the meantime please post a fresh Hijack This log. When you run the scan this time be sure not to have any other programs open except Hijack This.
  • edited March 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 7:48:42 PM, on 3/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\components\A9.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    We'll get there eventually kevdog. I'm still trying to figure out what exactly is causing your problem. Do you know what is trying to install when you get the "preparing to install" message?

    Let me know. In the meantime, run Hijack This again and put a check (tick) next to the following entry:

    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

    Close all other browsers/windows and click Fix checked.

    Reboot into safe mode again and delete the following:

    C:\Program Files\Common Files\GMT <---- This folder.

    Reboot the PC and post another log when finished.
  • edited March 2006
    I don't have a clue what it is. It started doing it after I installed Adobe Reader 7.
  • edited March 2006
    C:\Program Files\Common Files\GMT was not there. Here is my new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:02:04 PM, on 3/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\components\A9.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
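Added example, not part of the original thread: a short Python script that diffs two HijackThis logs to confirm that a "Fix checked" step actually removed the targeted entry, run here on lines excerpted from the 3/27 and 3/28 logs above. The function names are hypothetical, and treating targets shown as `?` or reported as `missing` as "unresolved" is an assumption about which entries deserve a second look.

```python
import re
from collections import Counter

# Entry lines look like "O4 - Global Startup: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_log(text):
    """Return (processes, entries) parsed from one HijackThis log.

    processes: Counter of lower-cased image paths under "Running processes:"
               (Windows paths are case-insensitive; duplicates are counted).
    entries:   Counter of (section code, entry body) tuples.
    """
    processes, entries = Counter(), Counter()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if not line:
            in_processes = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            # Forum pastes often lose the blank line, so an entry also ends the block.
            in_processes = False
            entries[(m["code"], m["body"])] += 1
        elif in_processes:
            processes[line.lower()] += 1
    return processes, entries

def is_unresolved(entry):
    """Assumed heuristic: target could not be resolved or is reported missing."""
    _, body = entry
    return (body.endswith("= ?") or body.endswith("missing")
            or "(file missing)" in body)

def diff_logs(before_text, after_text):
    """Compare two logs and report what changed between the scans."""
    bp, be = parse_log(before_text)
    ap, ae = parse_log(after_text)
    return {
        "entries_removed": sorted((be - ae).elements()),
        "entries_added": sorted((ae - be).elements()),
        "processes_stopped": sorted((bp - ap).elements()),
        "processes_started": sorted((ap - bp).elements()),
        "unresolved": sorted(e for e in ae if is_unresolved(e)),
    }

# Excerpt of the 3/27/2006 log posted above (shortened).
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\msiexec.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
"""

# Excerpt of the 3/28/2006 log posted above (shortened).
AFTER = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
"""

if __name__ == "__main__":
    for key, values in diff_logs(BEFORE, AFTER).items():
        print(key, values)
```
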
  • edited March 2006
    I have another question. Do you know what this means?

    Capture3-29-2006-10.jpg
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    I'm beginning to think that this problem is not related to malware but to a problem within the operating system itself. It could have been originally caused by malware but is now just lingering. I recommend you visit our Software Discussion board here. Show them the screenshot you posted and let them know of the problems you've been having since you installed Acrobat Reader 7. Your log looks good. I'll leave this thread open. Post back to let me know what you find out at the software board.
  • skywalker45 Bloomington, IN. USA
    edited March 2006
    I forgot to add that once the Windows problem is worked out we have one more thing to fix. I just noticed that it is gone but the entry didn't go away. Come back to this thread and we'll fix it.
  • edited March 2006
    OK, will do.