Please Help!

Unknown · June 2007

I've been struggeling with this "Freewebs" Pop up thingy that runs whenever I open the internet. It's causing my computer to run super slow.
I downloaded Hijack This v1.99.1 Here's the log. Any suggestions or solutions will be GREATLY appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 3:43:07 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\ed.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
c:\program files\common files\aol\1140824390\ee\services\antiSpywareApp\ver2_0_26_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140824390\ee\aolsoftware.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_DPPE03.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\wpwin9.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer powered by Verizon Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Antivirus Installer] C:\ed.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [j1231336] rundll32 C:\WINDOWS\system32\j1231336.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\adxqsgdy.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYUS
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadcontrol.com/files/installers/cab/Install-Errorprotector-Free.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

QCH · June 2007

Welcome, Natalie. Some from our Virus and Spyware area will be by soon to help you. Hang tight.....

Trogan · June 2007

Hi Natalie,

A few things I need you to do please...

1. You currently have HijackThis running from the Temp folder, where we do not want it.

Click here to download HJTsetup.exe. Save it to your Desktop!

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Close HijackThis for now

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

2. Locate HijackThis.exe at C:\Program Files\Hijack This. Right-click on HijackThis.exe and select "Rename". Name HijackThis.exe to Scanner.exe

3. I'd like some files scanned please

Go to VirusTotal
Copy and paste the following file path into the Search Box at the top of the page:
C:\ed.exe
Click on the Send button
Please post the results in your next reply.

Do the same for the following files
C:\WINDOWS\system32\j1231336.dll

4. I now need to see another log from HijackThis (Scanner.exe).

Run Hijackthis.
Click on Open the Misc Tools section.
Next click on Open uninstall manager.
Press the Save list button.
Save the file to your desktop, with the default name of uninstall_list
Copy & Paste the entire contents of that file in your in your next post.

5. Please post the following...

Scan results for the two files
The Uninstall list
A new HijackThis log (Scanner.exe)

Natalie · June 2007

I'm stuck. I ran the two scans, and I will post my results, but when I go to "Save list" after "Open Uninstall Manager" I click it and absolutely nothing happens. How do I save the file to my desktop so I can copy and paste it to you?

I am so greatful for your help, if it seems like I am completely technologically challenged, it's because I am.

Trogan · June 2007

Hi Natalie,

Don't worry about the Uninstall list for now; the infection is preventing it from working.

Just post the other logs please.

Natalie · June 2007

STATUS: FINISHED
Complete scanning result of "ed.exe", received in VirusTotal at 06.14.2007, 23:43:05 (CET).

Antivirus
Version
Update
Result
AhnLab-V3
2007.6.12.2
06.14.2007
Win-Trojan/Agent.179712.B
AntiVir
7.4.0.32
06.14.2007
TR/Drop.Agent.MM.9
Authentium
4.93.8
06.14.2007
no virus found
Avast
4.7.997.0
06.14.2007
Win32:Trojan-gen. {Other}
AVG
7.5.0.467
06.14.2007
Dropper.Agent.BP
BitDefender
7.2
06.14.2007
Trojan.Dropper.Agent.MM
CAT-QuickHeal
9.00
06.14.2007
TrojanDropper.Agent.mm
ClamAV
devel-20070416
06.14.2007
Trojan.Delf-48
DrWeb
4.33
06.14.2007
Trojan.DownLoader.2282
eSafe
7.0.15.0
06.14.2007
Suspicious Trojan/Worm
eTrust-Vet
30.7.3719
06.14.2007
Win32/Secdrop.KB
Ewido
4.0
06.14.2007
Dropper.Agent.mm
FileAdvisor
1
06.15.2007
no virus found
Fortinet
2.85.0.0
06.14.2007
W32/Agent.MM!tr
F-Prot
4.3.2.48
06.14.2007
W32/TrojanX.DAO
F-Secure
6.70.13030.0
06.14.2007
Trojan-Dropper.Win32.Agent.mm
Ikarus
T3.1.1.8
06.14.2007
Trojan-Dropper.Win32.Agent.MM
Kaspersky
4.0.2.24
06.14.2007
Trojan-Dropper.Win32.Agent.mm
McAfee
5053
06.14.2007
QLowZones-21
Microsoft
1.2503
06.14.2007
TrojanDropper:Win32/Agent!3280
NOD32v2
2329
06.14.2007
Win32/TrojanDropper.Agent.MM
Norman
5.80.02
06.14.2007
W32/Agent.ENZ
Panda
9.0.0.4
06.14.2007
Adware/MediaTickets
Prevx1
V2
06.15.2007
Blended.Threats
Sophos
4.18.0
06.12.2007
Troj/Badgent-A
Sunbelt
2.2.907.0
06.14.2007
VIPRE.Suspicious
Symantec
10
06.14.2007
Adware.MediaTicket
TheHacker
6.1.6.133
06.14.2007
Trojan/Dropper.Agent.mm
VBA32
3.12.0.2
06.14.2007
Trojan-Dropper.Win32.Agent.mm
VirusBuster
4.3.23:9
06.14.2007
no virus found
Webwasher-Gateway
6.0.1
06.14.2007
Trojan.Drop.Agent.MM.9

Aditional Information
File size: 179712 bytes
MD5: 48bb940b1ca8616edae8f6282fd6e468
SHA1: 02af7665640a34542ed403a56e02455d29a49e27
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=a1eb1662344
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

STATUS: FINISHED
Complete scanning result of "j1231336.dll", received in VirusTotal at 06.14.2007, 23:53:27 (CET).

Antivirus
Version
Update
Result
AhnLab-V3
2007.5.9.0
05.09.2007
no virus found
AntiVir
7.4.0.32
06.14.2007
TR/Click.Small.MW
Authentium
4.93.8
06.14.2007
no virus found
Avast
4.7.997.0
06.14.2007
Win32:Zlob-ZL
AVG
7.5.0.467
05.08.2007
no virus found
BitDefender
7.2
06.14.2007
Trojan.Clicker.Small.YB
CAT-QuickHeal
9.00
06.14.2007
TrojanClicker.Small.mw
ClamAV
devel-20070416
05.09.2007
no virus found
DrWeb
4.33
06.14.2007
Trojan.Click.2485
eSafe
7.0.15.0
05.08.2007
no virus found
eTrust-Vet
30.7.3719
06.14.2007
no virus found
FileAdvisor
1
06.14.2007
no virus found
Fortinet
2.85.0.0
06.14.2007
Adware/Small
F-Prot
4.3.2.48
05.08.2007
no virus found
F-Secure
6.70.13030.0
05.09.2007
no virus found
Ikarus
T3.1.1.7
05.09.2007
no virus found
Kaspersky
4.0.2.24
06.14.2007
Trojan-Clicker.Win32.Small.mw
McAfee
5053
06.14.2007
Generic AdClicker.b.dll
Microsoft
1.2503
06.14.2007
no virus found
NOD32v2
2329
06.14.2007
no virus found
Norman
5.80.02
06.14.2007
W32/Smalltroj.BHUO
Panda
9.0.0.4
06.14.2007
Trj/Clicker.ACO
Prevx1
V2
06.15.2007
Polynomial.Code.Exploit
Sophos
4.18.0
06.12.2007
Troj/Small-EJD
Sunbelt
2.2.907.0
05.05.2007
no virus found
Symantec
10
05.09.2007
no virus found
TheHacker
6.1.6.133
06.14.2007
Trojan/Clicker.Small.mw
VBA32
3.12.0.2
06.14.2007
Trojan-Clicker.Win32.Small.mw
VirusBuster
4.3.23:9
06.14.2007
Trojan.CL.Small.UCG
Webwasher-Gateway
6.0.1
05.09.2007
no virus found

Aditional Information
File size: 10752 bytes
MD5: 6f64522ae031e1ae9c9fcace271b03b2
SHA1: 61ff31b7e2a7ce3c99fcecbc6e04577f8332c53b
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=f13099719855

And

Logfile of HijackThis v1.99.1
Scan saved at 6:26:17 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\ed.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
c:\program files\common files\aol\1140824390\ee\services\antiSpywareApp\ver2_0_26_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140824390\ee\aolsoftware.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_DPPE03.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\wpwin9.exe
C:\Program Files\scanner.exe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer powered by Verizon Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Antivirus Installer] C:\ed.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [j1231336] rundll32 C:\WINDOWS\system32\j1231336.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\adxqsgdy.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYUS
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadcontrol.com/files/installers/cab/Install-Errorprotector-Free.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Trogan · June 2007

Hi Natalie, thanks for the logs...

Please do the following...

1. I don't see any indication of a Firewall in your HijackThis log. This may be because:

(1.) You are using Windows Firewall or a hardware Firewall.
(2.) You are using a Firewall of an unknown vendor.
(3.) You are using a Firewall, but it is disabled for unknown reasons
(4.) You don't use any firewall at all.

In the case you don't have a Firewall, please download one from the list below - They are Free!

Comodo <-- I recommend this
Zone Alarm
Sunbelt Kerio PF

2. Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

3. Please try getting an Uninstall list following the same instructions from my first post.

4. Please post the following...

VundoFix log
Uninstall list
New HijackThis log

Natalie · June 2007

VundoFix V6.5.0:
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 6:44:56 PM 6/14/2007
Listing files found while scanning....
C:\windows\system32\ahietofe.dll
C:\windows\system32\akcjxare.dll
C:\windows\system32\alngvfel.dll
C:\WINDOWS\system32\cbxxv.dll
C:\windows\system32\ccxooxoo.dll
C:\windows\system32\ceqraiwu.dll
C:\WINDOWS\system32\cjaavccb.dll
C:\windows\system32\dkevrngm.dll
C:\windows\system32\dmvuyyel.dll
C:\WINDOWS\system32\dyuvowra.dll
C:\WINDOWS\system32\eefumpdi.dll
C:\windows\system32\elhfkrvm.dll
C:\windows\system32\faimgrym.dll
C:\windows\system32\fdnjblpe.dll
C:\windows\system32\fxwxqhna.dll
C:\windows\system32\gvxvdtxs.dll
C:\WINDOWS\system32\hdhhnxvi.dll
C:\windows\system32\icpnricu.dll
C:\WINDOWS\system32\ipluumqd.dll
C:\windows\system32\iuflkang.dll
C:\WINDOWS\system32\iwlbqiko.dll
C:\WINDOWS\system32\iwlubdkk.dll
C:\windows\system32\ixggrdgj.dll
C:\windows\system32\j1231336.dll
C:\windows\system32\jcrkpyng.dll
C:\windows\system32\jgsblyxc.dll
C:\windows\system32\kjajonve.dll
C:\WINDOWS\system32\lhypfvxo.dll
C:\windows\system32\ljqvcuig.exe
C:\WINDOWS\system32\llssfsek.dll
C:\windows\system32\maagsekf.dll
C:\windows\system32\mggydujb.dll
C:\windows\system32\mswnfgcm.exe
C:\windows\system32\nmxgphfp.dll
C:\windows\system32\oaqloaxi.dll
C:\windows\system32\ofrcwuon.dll
C:\windows\system32\olsptklc.dll
C:\windows\system32\oncwmxyx.dll
C:\windows\system32\osqvwolb.dll
C:\windows\system32\pjrpjyci.dll
C:\windows\system32\pxexlodj.dll
C:\windows\system32\qcpkplgf.dll
C:\WINDOWS\system32\qjrasmnu.dll
C:\windows\system32\rcmvfmax.dll
C:\windows\system32\rgcxrgfu.dll
C:\windows\system32\rsmxtbdc.dll
C:\windows\system32\rxrptghw.dll
C:\WINDOWS\system32\ryeysgwt.dll
C:\windows\system32\sbvvhgbi.dll
C:\windows\system32\slqrgnuc.dll
C:\windows\system32\soqauboq.dll
C:\windows\system32\srhnlrjp.dll
C:\windows\system32\tfvhhqmk.exe
C:\windows\system32\tnqsahcg.dll
C:\windows\system32\tubjrpro.dll
C:\windows\system32\ulnkpinu.dll
C:\windows\system32\uukjxbxw.dll
C:\windows\system32\vbivvitg.dll
C:\windows\system32\vchwdtrj.dll
C:\windows\system32\vdemvnyb.dll
C:\windows\system32\vgoxemhi.dll
C:\windows\system32\vhlajiiv.dll
C:\windows\system32\vmgryawl.dll
C:\windows\system32\wariaogr.dll
C:\windows\system32\wdoynyba.dll
C:\WINDOWS\system32\wins\daniet.dll
C:\windows\system32\wins\teinad.bak1
C:\WINDOWS\system32\wins\teinad.bak2
C:\WINDOWS\system32\wins\teinad.ini
C:\windows\system32\wins\teinad.ini2
C:\windows\system32\wins\teinad.tmp
C:\windows\system32\wqtxdjqb.dll
C:\windows\system32\xejjpgdf.dll
C:\windows\system32\xiuwchuj.exe
C:\windows\system32\xoprythu.dll
C:\windows\system32\xswyhddo.dll
C:\WINDOWS\system32\yutbnfgx.dll
Beginning removal...
Attempting to delete C:\windows\system32\ahietofe.dll
C:\windows\system32\ahietofe.dll Has been deleted!
Attempting to delete C:\windows\system32\akcjxare.dll
C:\windows\system32\akcjxare.dll Has been deleted!
Attempting to delete C:\windows\system32\alngvfel.dll
C:\windows\system32\alngvfel.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxxv.dll
C:\WINDOWS\system32\cbxxv.dll Could not be deleted.
Attempting to delete C:\windows\system32\ccxooxoo.dll
C:\windows\system32\ccxooxoo.dll Has been deleted!
Attempting to delete C:\windows\system32\ceqraiwu.dll
C:\windows\system32\ceqraiwu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cjaavccb.dll
C:\WINDOWS\system32\cjaavccb.dll Has been deleted!
Attempting to delete C:\windows\system32\dkevrngm.dll
C:\windows\system32\dkevrngm.dll Has been deleted!
Attempting to delete C:\windows\system32\dmvuyyel.dll
C:\windows\system32\dmvuyyel.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dyuvowra.dll
C:\WINDOWS\system32\dyuvowra.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\eefumpdi.dll
C:\WINDOWS\system32\eefumpdi.dll Has been deleted!
Attempting to delete C:\windows\system32\elhfkrvm.dll
C:\windows\system32\elhfkrvm.dll Has been deleted!
Attempting to delete C:\windows\system32\faimgrym.dll
C:\windows\system32\faimgrym.dll Has been deleted!
Attempting to delete C:\windows\system32\fdnjblpe.dll
C:\windows\system32\fdnjblpe.dll Has been deleted!
Attempting to delete C:\windows\system32\fxwxqhna.dll
C:\windows\system32\fxwxqhna.dll Has been deleted!
Attempting to delete C:\windows\system32\gvxvdtxs.dll
C:\windows\system32\gvxvdtxs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hdhhnxvi.dll
C:\WINDOWS\system32\hdhhnxvi.dll Has been deleted!
Attempting to delete C:\windows\system32\icpnricu.dll
C:\windows\system32\icpnricu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ipluumqd.dll
C:\WINDOWS\system32\ipluumqd.dll Has been deleted!
Attempting to delete C:\windows\system32\iuflkang.dll
C:\windows\system32\iuflkang.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iwlbqiko.dll
C:\WINDOWS\system32\iwlbqiko.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iwlubdkk.dll
C:\WINDOWS\system32\iwlubdkk.dll Has been deleted!
Attempting to delete C:\windows\system32\ixggrdgj.dll
C:\windows\system32\ixggrdgj.dll Has been deleted!
Attempting to delete C:\windows\system32\j1231336.dll
C:\windows\system32\j1231336.dll Could not be deleted.
Attempting to delete C:\windows\system32\jcrkpyng.dll
C:\windows\system32\jcrkpyng.dll Has been deleted!
Attempting to delete C:\windows\system32\jgsblyxc.dll
C:\windows\system32\jgsblyxc.dll Has been deleted!
Attempting to delete C:\windows\system32\kjajonve.dll
C:\windows\system32\kjajonve.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lhypfvxo.dll
C:\WINDOWS\system32\lhypfvxo.dll Has been deleted!
Attempting to delete C:\windows\system32\ljqvcuig.exe
C:\windows\system32\ljqvcuig.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\llssfsek.dll
C:\WINDOWS\system32\llssfsek.dll Has been deleted!
Attempting to delete C:\windows\system32\maagsekf.dll
C:\windows\system32\maagsekf.dll Has been deleted!
Attempting to delete C:\windows\system32\mggydujb.dll
C:\windows\system32\mggydujb.dll Has been deleted!
Attempting to delete C:\windows\system32\mswnfgcm.exe
C:\windows\system32\mswnfgcm.exe Has been deleted!
Attempting to delete C:\windows\system32\nmxgphfp.dll
C:\windows\system32\nmxgphfp.dll Has been deleted!
Attempting to delete C:\windows\system32\oaqloaxi.dll
C:\windows\system32\oaqloaxi.dll Has been deleted!
Attempting to delete C:\windows\system32\ofrcwuon.dll
C:\windows\system32\ofrcwuon.dll Has been deleted!
Attempting to delete C:\windows\system32\olsptklc.dll
C:\windows\system32\olsptklc.dll Has been deleted!
Attempting to delete C:\windows\system32\oncwmxyx.dll
C:\windows\system32\oncwmxyx.dll Has been deleted!
Attempting to delete C:\windows\system32\osqvwolb.dll
C:\windows\system32\osqvwolb.dll Has been deleted!
Attempting to delete C:\windows\system32\pjrpjyci.dll
C:\windows\system32\pjrpjyci.dll Has been deleted!
Attempting to delete C:\windows\system32\pxexlodj.dll
C:\windows\system32\pxexlodj.dll Has been deleted!
Attempting to delete C:\windows\system32\qcpkplgf.dll
C:\windows\system32\qcpkplgf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qjrasmnu.dll
C:\WINDOWS\system32\qjrasmnu.dll Has been deleted!
Attempting to delete C:\windows\system32\rcmvfmax.dll
C:\windows\system32\rcmvfmax.dll Has been deleted!
Attempting to delete C:\windows\system32\rgcxrgfu.dll
C:\windows\system32\rgcxrgfu.dll Has been deleted!
Attempting to delete C:\windows\system32\rsmxtbdc.dll
C:\windows\system32\rsmxtbdc.dll Has been deleted!
Attempting to delete C:\windows\system32\rxrptghw.dll
C:\windows\system32\rxrptghw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ryeysgwt.dll
C:\WINDOWS\system32\ryeysgwt.dll Has been deleted!
Attempting to delete C:\windows\system32\sbvvhgbi.dll
C:\windows\system32\sbvvhgbi.dll Has been deleted!
Attempting to delete C:\windows\system32\slqrgnuc.dll
C:\windows\system32\slqrgnuc.dll Has been deleted!
Attempting to delete C:\windows\system32\soqauboq.dll
C:\windows\system32\soqauboq.dll Has been deleted!
Attempting to delete C:\windows\system32\srhnlrjp.dll
C:\windows\system32\srhnlrjp.dll Has been deleted!
Attempting to delete C:\windows\system32\tfvhhqmk.exe
C:\windows\system32\tfvhhqmk.exe Has been deleted!
Attempting to delete C:\windows\system32\tnqsahcg.dll
C:\windows\system32\tnqsahcg.dll Has been deleted!
Attempting to delete C:\windows\system32\tubjrpro.dll
C:\windows\system32\tubjrpro.dll Has been deleted!
Attempting to delete C:\windows\system32\ulnkpinu.dll
C:\windows\system32\ulnkpinu.dll Has been deleted!
Attempting to delete C:\windows\system32\uukjxbxw.dll
C:\windows\system32\uukjxbxw.dll Has been deleted!
Attempting to delete C:\windows\system32\vbivvitg.dll
C:\windows\system32\vbivvitg.dll Has been deleted!
Attempting to delete C:\windows\system32\vchwdtrj.dll
C:\windows\system32\vchwdtrj.dll Has been deleted!
Attempting to delete C:\windows\system32\vdemvnyb.dll
C:\windows\system32\vdemvnyb.dll Has been deleted!
Attempting to delete C:\windows\system32\vgoxemhi.dll
C:\windows\system32\vgoxemhi.dll Has been deleted!
Attempting to delete C:\windows\system32\vhlajiiv.dll
C:\windows\system32\vhlajiiv.dll Has been deleted!
Attempting to delete C:\windows\system32\vmgryawl.dll
C:\windows\system32\vmgryawl.dll Has been deleted!
Attempting to delete C:\windows\system32\wariaogr.dll
C:\windows\system32\wariaogr.dll Has been deleted!
Attempting to delete C:\windows\system32\wdoynyba.dll
C:\windows\system32\wdoynyba.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wins\daniet.dll
C:\WINDOWS\system32\wins\daniet.dll Has been deleted!
Attempting to delete C:\windows\system32\wins\teinad.bak1
C:\windows\system32\wins\teinad.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\wins\teinad.bak2
C:\WINDOWS\system32\wins\teinad.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\wins\teinad.ini
C:\WINDOWS\system32\wins\teinad.ini Has been deleted!
Attempting to delete C:\windows\system32\wins\teinad.ini2
C:\windows\system32\wins\teinad.ini2 Has been deleted!
Attempting to delete C:\windows\system32\wins\teinad.tmp
C:\windows\system32\wins\teinad.tmp Has been deleted!
Attempting to delete C:\windows\system32\wqtxdjqb.dll
C:\windows\system32\wqtxdjqb.dll Has been deleted!
Attempting to delete C:\windows\system32\xejjpgdf.dll
C:\windows\system32\xejjpgdf.dll Has been deleted!
Attempting to delete C:\windows\system32\xiuwchuj.exe
C:\windows\system32\xiuwchuj.exe Has been deleted!
Attempting to delete C:\windows\system32\xoprythu.dll
C:\windows\system32\xoprythu.dll Has been deleted!
Attempting to delete C:\windows\system32\xswyhddo.dll
C:\windows\system32\xswyhddo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yutbnfgx.dll
C:\WINDOWS\system32\yutbnfgx.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cbxxv.dll
C:\WINDOWS\system32\cbxxv.dll Has been deleted!
Attempting to delete C:\windows\system32\j1231336.dll
C:\windows\system32\j1231336.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 6:55:46 PM 6/14/2007
Listing files found while scanning....
No infected files were found.

The Uninstall List:
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe Shockwave Player
AnswerWorks Runtime
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Software Update
ArcSoft Funhouse
ArcSoft PhotoBase 3
ArcSoft PhotoImpression
avast! Antivirus
Broadband Support Center
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP_Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Corel Applications
Dual Mode Digital Camera 3.0M
EPSON C86 User's Guide
EPSON PhotoCenter
EPSON Printer Software
EPSON Web_To_Page
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
iPod for Windows 2005_02_07
KhalSetup
Lexmark X74_X75
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN
My Web Search (My Fun Cards)
Nero Suite
PowerDVD
Print Lab Series
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Spybot _ Search & Destroy 1.3
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Verizon Online
Verizon Online Consumer DSL 6.1
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix _ KB867282
Windows XP Hotfix _ KB873333
Windows XP Hotfix _ KB873339
Windows XP Hotfix _ KB885250
Windows XP Hotfix _ KB885835
Windows XP Hotfix _ KB885836
Windows XP Hotfix _ KB886185
Windows XP Hotfix _ KB887472
Windows XP Hotfix _ KB887742
Windows XP Hotfix _ KB887797
Windows XP Hotfix _ KB888113
Windows XP Hotfix _ KB888302
Windows XP Hotfix _ KB890047
Windows XP Hotfix _ KB890175
Windows XP Hotfix _ KB890859
Windows XP Hotfix _ KB890923
Windows XP Hotfix _ KB891781
Windows XP Hotfix _ KB893066
Windows XP Hotfix _ KB893086

Logfile of HijackThis v1.99.1
Scan saved at 7:01:31 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X74_X75\lxbbbmgr.exe
C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
C:\Program Files\Lexmark X74_X75\lxbbbmon.exe
C:\ed.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\program files\common files\aol\1140824390\ee\services\antiSpywareApp\ver2_0_26_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140824390\ee\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Corel\WordPerfect Office 2000\programs\wpwin9.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\scanner.exe\HijackThis.exe
R1 _ HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer powered by Verizon Broadband
R1 _ HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 _ HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 _ URLSearchHook: (no name) _ {00A6FAF6_072E_44cf_8957_5838F569A31D} _ C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 _ BHO: MyWebSearch Search Assistant BHO _ {00A6FAF1_072E_44cf_8957_5838F569A31D} _ C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 _ BHO: Adobe PDF Reader Link Helper _ {06849E9F_C8D7_4D59_B87D_784B7D6BE0B3} _ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 _ BHO: mwsBar BHO _ {07B18EA1_A523_4961_B6BB_170DE4475CCA} _ C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 _ BHO: (no name) _ {412FF991_81D1_4C68_9A0A_98F9E7DC32FE} _ C:\WINDOWS\system32\wins\daniet.dll (file missing)
O2 _ BHO: (no name) _ {53707962_6F74_2D53_2644_206D7942484F} _ C:\Program Files\Spybot _ Search & Destroy\SDHelper.dll
O2 _ BHO: (no name) _ {5ADF3862_9E2E_4ad3_86F7_4510E6550CD0} _ C:\WINDOWS\system32\fljoxlxm.dll
O2 _ BHO: (no name) _ {781E95FC_8FA4_44DF_952C_E07C55398978} _ C:\WINDOWS\system32\ccxooxoo.dll (file missing)
O2 _ BHO: Google Toolbar Helper _ {AA58ED58_01DD_4d91_8333_CF10577473F7} _ c:\program files\google\googletoolbar3.dll
O2 _ BHO: EpsonToolBandKicker Class _ {E99421FB_68DD_40F0_B4AC_B7027CAE2F1A} _ C:\Program Files\EPSON\EPSON Web_To_Page\EPSON Web_To_Page.dll
O3 _ Toolbar: AOL Toolbar _ {4982D40A_C53B_4615_B15B_B5B5E98D167C} _ C:\Program Files\AOL Toolbar\toolbar.dll
O3 _ Toolbar: EPSON Web_To_Page _ {EE5D279F_081B_4404_994D_C6B60AAEBA6D} _ C:\Program Files\EPSON\EPSON Web_To_Page\EPSON Web_To_Page.dll
O3 _ Toolbar: &Google _ {2318C2B1_4965_11d4_9B18_009027A5CD4F} _ c:\program files\google\googletoolbar3.dll
O4 _ HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 _ HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 _ HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 _ HKLM\..\Run: [Lexmark X74_X75] "C:\Program Files\Lexmark X74_X75\lxbbbmgr.exe"
O4 _ HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
O4 _ HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 _ HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" _Run
O4 _ HKLM\..\Run: [Antivirus Installer] C:\ed.exe
O4 _ HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 _ HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 _ HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 _ HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 _ HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 _ HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" _atboottime
O4 _ HKLM\..\Run: [j1231336] rundll32 C:\WINDOWS\system32\j1231336.dll sook
O4 _ HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\adxqsgdy.dll",realset
O4 _ HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 _ HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 _ HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 _ HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 _ HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" _b
O4 _ HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 _ Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 _ Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 _ Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 _ Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 _ Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 _ Global Startup: Logitech SetPoint.lnk = ?
O8 _ Extra context menu item: &AOL Toolbar search _ res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 _ Extra context menu item: &Search _ http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYUS
O9 _ Extra button: AOL Toolbar _ {4982D40A_C53B_4615_B15B_B5B5E98D167C} _ C:\Program Files\AOL Toolbar\toolbar.dll
O9 _ Extra 'Tools' menuitem: AOL Toolbar _ {4982D40A_C53B_4615_B15B_B5B5E98D167C} _ C:\Program Files\AOL Toolbar\toolbar.dll
O9 _ Extra button: Real.com _ {CD67F990_D8E9_11d2_98FE_00C0F0318AFE} _ C:\WINDOWS\system32\Shdocvw.dll
O9 _ Extra button: Messenger _ {FB5F1910_F110_11d2_BB9E_00C04F795683} _ C:\Program Files\Messenger\msmsgs.exe
O9 _ Extra 'Tools' menuitem: Windows Messenger _ {FB5F1910_F110_11d2_BB9E_00C04F795683} _ C:\Program Files\Messenger\msmsgs.exe
O15 _ Trusted Zone: *.media_motor.net
O15 _ Trusted Zone: *.mmohsix.com
O16 _ DPF: {1D4DB7D2_6EC9_47A3_BD87_1E41684E07BB} _ http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab
O16 _ DPF: {2D2BEE6E_3C9A_4D58_B9EC_458EDB28D0F6} _ http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 _ DPF: {B64F4A7C_97C9_11DA_8BDE_F66BAD1E3F3A} _ http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 _ DPF: {F919FBD3_A96B_4679_AF26_F551439BB5FD} _ http://cdn.downloadcontrol.com/files/installers/cab/Install_Errorprotector_Free.cab
O20 _ Winlogon Notify: icfkofhy _ C:\WINDOWS\SYSTEM32\icfkofhy.dll
O20 _ Winlogon Notify: WgaLogon _ C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 _ Service: AOL Connectivity Service (AOL ACS) _ AOL LLC _ C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 _ Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) _ America Online, Inc _ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 _ Service: avast! iAVS4 Control Service (aswUpdSv) _ Unknown owner _ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 _ Service: avast! Antivirus _ Unknown owner _ C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 _ Service: avast! Mail Scanner _ Unknown owner _ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 _ Service: avast! Web Scanner _ Unknown owner _ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 _ Service: Canon Camera Access Library 8 (CCALib8) _ Canon Inc. _ C:\Program Files\Canon\CAL\CALMAIN.exe
O23 _ Service: Google Updater Service (gusvc) _ Google _ C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 _ Service: InstallDriver Table Manager (IDriverT) _ Macrovision Corporation _ C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 _ Service: iPod Service _ Unknown owner _ C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 _ Service: LexBce Server (LexBceS) _ Lexmark International, Inc. _ C:\WINDOWS\system32\LEXBCES.EXE
O23 _ Service: WAN Miniport (ATW) Service (WANMiniportService) _ America Online, Inc. _ C:\WINDOWS\wanmpsvc.exe

Trogan wrote:

Hi Natalie, thanks for the logs...

Please do the following...

1. I don't see any indication of a Firewall in your HijackThis log. This may be because:

(1.) You are using Windows Firewall or a hardware Firewall.
(2.) You are using a Firewall of an unknown vendor.
(3.) You are using a Firewall, but it is disabled for unknown reasons
(4.) You don't use any firewall at all.

In the case you don't have a Firewall, please download one from the list below - They are Free!

Comodo <-- I recommend this
Zone Alarm
Sunbelt Kerio PF

2. Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

3. Please try getting an Uninstall list following the same instructions from my first post.

4. Please post the following...

VundoFix log
Uninstall list
New HijackThis log

Trogan · June 2007

Hi Natalie,

You didn't download a Firewall, so are you using Windows Firewall? Let me know. There is still a lot of work to do.

Before we begin, open "Notepad". In Notepad, click the Format tab and make sure "WordWrap" is unchecked.

Please do the following...

1. Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

My Web Search (My Fun Cards)
Spybot _ Search & Destroy 1.3 <-- old version

2. Another file to scan...

Go to VirusTotal
Copy and paste the following file path into the Search Box at the top of the page:
C:\WINDOWS\SYSTEM32\icfkofhy.dll
Click on the Send button
Please post the results in your next reply.

3. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O2 _ BHO: (no name) _ {412FF991_81D1_4C68_9A0A_98F9E7DC32FE} _ C:\WINDOWS\system32\wins\daniet.dll (file missing)
O2 _ BHO: (no name) _ {5ADF3862_9E2E_4ad3_86F7_4510E6550CD0} _ C:\WINDOWS\system32\fljoxlxm.dll
O2 _ BHO: (no name) _ {781E95FC_8FA4_44DF_952C_E07C55398978} _ C:\WINDOWS\system32\ccxooxoo.dll (file missing)

O4 _ HKLM\..\Run: [Antivirus Installer] C:\ed.exe
O4 _ HKLM\..\Run: [j1231336] rundll32 C:\WINDOWS\system32\j1231336.dll sook
O4 _ HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\adxqsgdy.dll",realset
O4 _ HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan

O15 _ Trusted Zone: *.media_motor.net
O15 _ Trusted Zone: *.mmohsix.com
If you didn't add the above to your Trusted Zone, check them for removal.

O16 _ DPF: {1D4DB7D2_6EC9_47A3_BD87_1E41684E07BB} _ http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 _ DPF: {2D2BEE6E_3C9A_4D58_B9EC_458EDB28D0F6} _ http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 _ DPF: {B64F4A7C_97C9_11DA_8BDE_F66BAD1E3F3A} _ http://download.cdn.winsoftware.com/...reeInstall.cab
O16 _ DPF: {F919FBD3_A96B_4679_AF26_F551439BB5FD} _ http://cdn.downloadcontrol.com/files...ector_Free.cab

- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HiajckThis

4. Need to delete some files and folders...

Download OTMoveIt by OldTimer from here
Double click on OTMoveIt to start OTMoveIt
Untick the option to Unregister Dll's and Ocx's (1)

Select the contents of the below codebox, then press Ctrl+C to copy it to the clipboard

C:\ed.exe
C:\WINDOWS\system32\j1231336.dll
C:\WINDOWS\system32\adxqsgdy.dll
C:\Program Files\SysProtect Free

In OTMoveIt Right click on the box labelled Paste List of Files/Folders to be Moved
Click Paste (2)
Click MoveIt! (3)
Copy and paste the contents of the results box (4) as a reply to this topic

5. Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

6. Please post the following...

Scan results
OTMoveIt results
SmitfruadFix log
New HijackThis log

Natalie · June 2007

I forgot to mention that I am running the windows xp firewall. I just tried to remove Spybot - Search & Destroy and an error message comes up that says C:\\prgramfiles\spybot-search&destroy\unins000.dat does not exist and cannot uninstall. Should I go on to virustotal and run the scan? or do I need to do something else first?

Trogan · June 2007

Yeah, just carry on. Not sure what that error means - will have to look into it.

Natalie · June 2007

STATUS: FINISHEDComplete scanning result of "icfkofhy.dll_", received in VirusTotal at 06.15.2007, 01:43:21 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.9.0 05.09.2007 Win-Trojan/Agent.188436
AntiVir 7.4.0.32 06.14.2007 TR/Proxy.Agent.JZ.2
Authentium 4.93.8 06.15.2007 W32/Trojan.JNX
Avast 4.7.997.0 06.14.2007 Win32:Agent-CBA
AVG 7.5.0.467 05.08.2007 Proxy.FRP
BitDefender 7.2 06.15.2007 Trojan.Proxy.Agent.JZ
CAT-QuickHeal 9.00 06.14.2007 TrojanProxy.Agent.jz
ClamAV devel-20070416 05.09.2007 Trojan.Proxy-254
DrWeb 4.33 06.14.2007 Trojan.Spambot
eSafe 7.0.15.0 05.08.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3719 06.14.2007 no virus found
FileAdvisor 1 06.15.2007 no virus found
Fortinet 2.85.0.0 06.15.2007 no virus found
F-Prot 4.3.2.48 05.08.2007 W32/Trojan.JNX
F-Secure 6.70.13030.0 05.09.2007 Trojan-Proxy.Win32.Agent.jz
Ikarus T3.1.1.7 05.09.2007 Packed.Win32.Klone.j
Kaspersky 4.0.2.24 06.15.2007 Trojan-Proxy.Win32.Agent.jz
McAfee 5053 06.14.2007 Proxy-Agent.as
Microsoft 1.2503 06.14.2007 TrojanProxy:Win32/Agent!8F48
NOD32v2 2329 06.14.2007 Win32/TrojanProxy.Agent.JZ
Norman 5.80.02 06.14.2007 W32/Agent.ALNF
Panda 9.0.0.4 06.15.2007 Suspicious file
Prevx1 V2 06.15.2007 no virus found
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.09.2007 Hacktool.Spammer
TheHacker 6.1.6.133 06.14.2007 Trojan/Proxy.Agent.jz
VBA32 3.12.0.2 06.14.2007 suspected of Malware.Agent.18
VirusBuster 4.3.23:9 06.14.2007 no virus found
Webwasher-Gateway 6.0.1 05.09.2007 Trojan.Proxy.Agent.JZ.2

Aditional Information
File size: 188436 bytes
MD5: 5a9c76250983a533c5f3753bf7dc9fd2
SHA1: 80db06405bc5891d7d64ef7083749ee2443fb606
packers: MORPHINE

C:\ed.exe moved successfully.
File/Folder C:\WINDOWS\system32\j1231336.dll not found.
C:\WINDOWS\system32\adxqsgdy.dll moved successfully.
File/Folder C:\Program Files\SysProtect Free not found.

Created on 06/14/2007 20:00:35
SmitFraudFix v2.195
Scan done at 20:04:24.89, Thu 06/14/2007
Run from C:\Documents and Settings\admin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\program files\common files\aol\1140824390\ee\services\antiSpywareApp\ver2_0_26_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140824390\ee\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Desktop\OTMoveIt.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\Tasks\At?.job FOUND !
C:\WINDOWS\Tasks\At??.job FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\admin

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\admin\Application Data
C:\Documents and Settings\admin\Application Data\Install.dat FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\admin\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Westell WireSpeed Dual Connect Modem - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{51BAA496-A686-4E4F-AD7E-6DBCAB237A2E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{51BAA496-A686-4E4F-AD7E-6DBCAB237A2E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{51BAA496-A686-4E4F-AD7E-6DBCAB237A2E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 8:06:01 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\program files\common files\aol\1140824390\ee\services\antiSpywareApp\ver2_0_26_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140824390\ee\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\scanner.exe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer powered by Verizon Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYUS
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: icfkofhy - C:\WINDOWS\SYSTEM32\icfkofhy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Trogan · June 2007

H Natalie! Thanks for logs. We're almost there.

Its late here and I need some sleep. I'll give you the next steps and check back in the morning.

Please do the following...

1. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O20 - Winlogon Notify: icfkofhy - C:\WINDOWS\SYSTEM32\icfkofhy.dll

- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HiajckThis

2. Using OTMoveIt, like you did previously, input the following line and remove it:

C:\WINDOWS\SYSTEM32\icfkofhy.dll

3. Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:

Click the Update icon at the top and under Manual Update click the Start update button.
The program will either update or inform you that no update was available.
It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).

______________________________

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer and quit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.

Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware.

Please set up the program as follows:

Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
Click the Update icon and untick the automatic update option.
Click on Scanner on the toolbar.
Click on the Settings tab.
- Under How to act? - make sure that Quarantine is selected.
- Under How to scan? - All checkboxes should be ticked.
- Under Possibly unwanted software - All checkboxes should be ticked.
- Under Reports - Select Do not automatically generate reports.
- Under What to scan? - Select Scan every file.

Close all open windows.

Click on Scanner on the toolbar.
Click on Complete System Scan to start the scan process.
Let the program scan your computer.
When the scan has finished, follow the instructions below:
- Make sure that Set all elements to: shows Quarantine
- Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
- When the program has finished, it will display the message All actions have been applied.
- Then click the Save Scan Report button.
- Click the Save Report as button.
- Save the report to your Desktop.
Right-click the AVG Tray Icon and select Exit.

Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please post:

c:\rapport.txt
AVG Anti-Spyware log
A new HijackThis log

You may need several replies to post the requested logs, otherwise they might get cut off.

Natalie · June 2007

I will get right on this. :-D I cannot thank you enough for your help. Have a good night.

Natalie · June 2007

SmitFraudFix v2.195
Scan done at 21:28:09.81, Thu 06/14/2007
Run from C:\Documents and Settings\admin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\Tasks\At?.job Deleted
C:\WINDOWS\Tasks\At??.job Deleted
C:\Documents and Settings\admin\Application Data\Install.dat Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{51BAA496-A686-4E4F-AD7E-6DBCAB237A2E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{51BAA496-A686-4E4F-AD7E-6DBCAB237A2E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{51BAA496-A686-4E4F-AD7E-6DBCAB237A2E}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Natalie · June 2007

AVG Anti-Spyware - Scan Report

+ Created at: 11:15:36 PM 6/14/2007
+ Scan result:

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\system32\abiktfug.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\icjbxwlj.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kmjjnjdi.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ocxbpwee.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rdipymqk.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP357\A0156647.dll -> Adware.Companion : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP358\A0156868.dll -> Adware.Companion : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject.1 -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Adware.FizzleBar : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Activeinstaller.AInst -> Adware.RapidBlaster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Activeinstaller.AInst.1 -> Adware.RapidBlaster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Activeinstaller.AInst\CLSID -> Adware.RapidBlaster : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Activeinstaller.AInst\CurVer -> Adware.RapidBlaster : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\Program Files\SpyAway -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\Program Files\SpyAway\stat.bin -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\Program Files\SpyAway\uninstall.log -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\system32\stera.job -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{7FA4EC26-6A28-4474-857D-BB05B001C84A} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{96D58666-8F00-4A9D-9389-C17AAA2407C9} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{E79D5E54-81C9-41AE-9D7B-03F1E5A7733D} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Sys_Protect Free -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-113007714-854245398-1004\Software\Sys_Protect Free -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-113007714-854245398-1004\Software\Sys_Protect Free\Settings -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP385\A0171367.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\VundoFix Backups\mswnfgcm.exe.bad -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mbbjjldt.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP357\A0156667.dll -> Adware.Spyaway : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP357\A0156649.exe -> Adware.SystemDoctor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP324\A0143482.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-113007714-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D} -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP302\A0141335.EXE -> Backdoor.IRCBot.gs : Cleaned with backup (quarantined).
C:\fhjirhj.exe -> Backdoor.IRCBot.gs : Cleaned with backup (quarantined).
C:\fjij4444.exe -> Backdoor.IRCBot.gs : Cleaned with backup (quarantined).
C:\WINDOWS\system32\CdROM Drivers -> Backdoor.SdBot.ago : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\activeinstaller.dll -> Downloader.IstBar.s : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system.dat -> Downloader.Small.aka : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP358\A0156933.dll -> Downloader.VB.apq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP358\A0156939.dll -> Downloader.VB.asx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP358\A0156940.exe -> Downloader.VB.att : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP358\A0156934.exe -> Downloader.VB.avl : Cleaned with backup (quarantined).
C:\_OTMoveIt\MovedFiles\ed.exe -> Dropper.Agent.mm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP385\A0171363.exe -> Hijacker.Small.mw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP385\A0171414.dll -> Hijacker.Small.mw : Cleaned with backup (quarantined).
C:\VundoFix Backups\j1231336.dll.bad -> Hijacker.Small.mw : Cleaned with backup (quarantined).
C:\VundoFix Backups\ljqvcuig.exe.bad -> Hijacker.Small.mw : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD13.tmp\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD3.tmp\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD5.tmp\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD8.tmp\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERT_0001_D19M2109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD2.tmp\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.18\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.19\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.20\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.21\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.22\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.23\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.24\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.25\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.26\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.27\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.28\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.29\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.30\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.31\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.32\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.33\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.34\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.35\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.36\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.37\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.38\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.39\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.40\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.41\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.42\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.43\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.44\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD1.tmp\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD10.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD11.tmp\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD12.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD14.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD4.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Local Settings\Temp\ICD9.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP357\A0156659.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP358\A0156888.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_9999_N91S1502NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_9999_N91S1502NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S1502NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_7777_BHLP0611NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP357\A0156722.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP358\A0156938.exe -> Not-A-Virus.Hoax.Win32.Renos.fn : Cleaned with backup (quarantined).
C:\Documents and Settings\admin\Cookies\admin@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[10].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[11].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[13].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[4].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[5].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[6].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[7].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[8].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@2o7[9].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@brightcove.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@bzresults.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@charmingshoppes.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@dminsite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ecnext.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@epson.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@examinercom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@geosign.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@gmditech.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@homestore.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@incredimailltd.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@journalregistercompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@livedealcom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@livenation.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@monstercom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@naa.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@phillyburbscom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@poweronemedia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@resume-templates.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@scrippshgtv.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@snagajob.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@snapfish.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ulta.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@viamtvcom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@waterfrontmedia.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@wegmansfoods.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@mrsupergames.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ad.adition[2].txt -> TrackingCookie.Adition : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@adrenaline[1].txt -> TrackingCookie.Adrenaline : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@bluemountain[2].txt -> TrackingCookie.Bluemountain : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ads.guardian.co[2].txt -> TrackingCookie.Co : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wfkikoajiao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wfkywoazedq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wfliqkdzibo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wfmiolcpccq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wjkoonczcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wjkyghdzwlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wjkykicjado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wjkyonajaho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wjl4cpdjgdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wjny-1gajsh.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@e-2dj6wjnyojcjkgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-aha.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-allegisgroup.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-autozone.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-bizjournals.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-cardomain.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-channelwave.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-classified.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-console.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-digg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

Natalie · June 2007

C:\Documents and Settings\admin\Cookies\admin@ehg-electricbusiness.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-elisabeth.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-equifax.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-etoys.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-findlaw.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-gameshownet.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-gatehousemedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-glam.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-groupernetworks.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-hollywoodmedia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-housevaluesinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-hyundaiusa.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-inforspaceinc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-interlifeform.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-jobster.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-knightridder.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-laptops.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-lowermybills.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-mjtrim.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-oreilly.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-phe.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-philipsvheusen.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-randomhouse.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-realtytrac.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-rodale.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-salliemae.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-sharpelectronic.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-skinmedica.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-techtarget.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-traderelectronicmedia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-tsvgroup.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-verizon.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-verizoncommunications.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-viacom.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-wabiseek.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-wachovia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ehg-y2m.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@infinite-ads[2].txt -> TrackingCookie.Infinite-ads : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@info[2].txt -> TrackingCookie.Info : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@beta.search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@search.live[2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ads.pointroll[4].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@rhaplinkslegacy.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@stats2.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@sexlist[2].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter1.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter11.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter14.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter4.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter8.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@try.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@webstat[3].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@free.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\admin\Cookies\admin@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP358\A0156969.exe -> Trojan.Agent.amk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP385\A0171404.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).
C:\VundoFix Backups\xiuwchuj.exe.bad -> Trojan.Agent.anr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP385\A0171342.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP385\A0171345.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP385\A0171352.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\cjaavccb.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\dyuvowra.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\hdhhnxvi.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\Installs.exe/kans.reg -> Trojan.LowZones.f : Cleaned with backup (quarantined).
C:\Installs.exe/kansup.reg -> Trojan.LowZones.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP356\A0156557.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP356\A0156583.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP357\A0156668.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP357\A0156788.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8BCAB69F-B9B9-49D7-916C-8AAF6A2D1DDC}\RP358\A0156797.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

Natalie · June 2007

Logfile of HijackThis v1.99.1
Scan saved at 11:35:56 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\program files\common files\aol\1140824390\ee\services\antiSpywareApp\ver2_0_26_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140824390\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\scanner.exe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer powered by Verizon Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYUS
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: icfkofhy - C:\WINDOWS\SYSTEM32\icfkofhy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Trogan · June 2007

Hi Natalie, good job!

1. Another file that needs uploaded for analysis please.

Go here to Upload Malware
Fill out the information, and post a link to this thread.
In the File(s) To Submit: box 1. copy and paste the following:
- C:\WINDOWS\SYSTEM32\icfkofhy.dll
Click on Send File and close the page

2. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm080YYUS

O20 - Winlogon Notify: icfkofhy - C:\WINDOWS\SYSTEM32\icfkofhy.dll

- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HiajckThis

3. Run HijackThis again and click on Open the Misc Tools section.
Click on Delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:

C:\WINDOWS\SYSTEM32\icfkofhy.dll

When you are asked "Do you want to restart your computer now?", click OK.

Your PC MUST reboot to delete the file!

4. Please post a new HijackThis log, and let me know how things are.

Also, I strongly suggest that you download one of the software Firewalls I mentioned earlier. I would go for Comodo. They wil loffer better protection than Windows Firewall. Remember to only have one Firewall running and to disable Windows Firewall.

Natalie · June 2007

Hey Trogan!
I went ahead and submitted the file you asked me to, and downloaded Comodo. Things seem GREAT. I started my computer up flawlessly, no pop ups, no annoying freewebs window... AND it seems to be working faster.

Here's the log you asked for
Logfile of HijackThis v1.99.1
Scan saved at 5:32:24 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
c:\program files\common files\aol\1140824390\ee\services\antiSpywareApp\ver2_0_26_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140824390\ee\aolsoftware.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\scanner.exe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer powered by Verizon Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140824390\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: icfkofhy - icfkofhy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

One more question though... is it ok to remove all of the things that I added to my desktop now? Or do you recommend leaving them?

Thank you so much, you have NO idea how much I appreciate your help. You're my hero!

Trogan · June 2007

Hi Natalie! Glad to hear the good news.

Please remove this entry with HijackThis:

O20 - Winlogon Notify: icfkofhy - icfkofhy.dll (file missing)

Yes, you can delete the tools from your Desktop.

Do you have any more questions, or can we mark this resolved?

Natalie · June 2007

Mark it resolved! Thank you! Thank you! Thank you!

Trogan · June 2007

You're welcome!

Please Help!

Comments